Context: After evaluating the DockerHub Verified Publisher Program and receiving a mail with “it costs as little as $5k per year”, I have come to the conclusion that it’s not worth it.
I just want the dockerfile that generated the image.
For large companies that serve many customers, 5K per year is a drop in a bucket. If it provides their customers with a more secure experience, it is worth it.
It’s all proprietary drivel & should be avoided.
But how will people know your container is official besides all the hints on your website?
To be fair, they are providing several services with it, along with the data hosting. Being verified also means you get boosted in search results, which comes with more downloads. So at least the cost can be somewhat justified. Whether it’s too much is valid for debate.