drop authoritative-source-url label #92
Description
Please drop the authoritative-source-url label from the specification:
- It is easy for this to become stale over time as organizations rename their public-facing registries.
- This label cannot support multiple registries.
- It has never been authoritative from the point of view of trust. It's easy for anyone to forge the value, and we should encourage container users to authenticate their images with cryptographic means instead.