Description
Feature or enhancement request details
When pulling a container, a user can specify the scheme used to pull the container, which can be "https", "http" or "auto", with "auto" being the default. However, the meaning of "auto" is unclear. For example, it could mean trying protocols based on what is available, or based on some configuration file, or based on the URL, or any number of meanings. This could have security implications for some of these behaviours, particularly when pulling on a network the user does not control.
Looking at the code:
It looks like the behaviour is: if it is determined that the registry is a local host (this seems to be loopback, RFC1918 space, or if its domain matches the local machine's default domain for containers (https://github.com/apple/container/blob/main/Sources/ContainerPersistence/DefaultsStore.swift)), it connects via http; otherwise it connects via https. Assuming my reading of the code is correct (I am not a Swift developer), this should be documented.
Code of Conduct
- I agree to follow this project's Code of Conduct
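
An added example, not code from the project or from the issue author: a Python model of the "auto" rule as the issue reads it, usable to list which registries would be pulled over plaintext http. Treating `localhost` as loopback, the suffix match against the default domain, and the sample domain `box.test` are assumptions.

```python
import ipaddress

# RFC 1918 private ranges named in the issue; loopback is checked separately.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_host(registry: str) -> str:
    """Return the host part of 'host', 'host:port' or '[v6]:port', lowercased."""
    registry = registry.strip().lower()
    if registry.startswith("["):              # bracketed IPv6 literal
        return registry[1:registry.index("]")]
    if registry.count(":") == 1:              # host:port
        return registry.split(":", 1)[0]
    return registry                           # bare hostname or bare IP


def auto_scheme(registry: str, default_domain: str) -> str:
    """Model of "auto" per the issue: http for local hosts, https otherwise."""
    host = split_host(registry)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.is_loopback or any(ip in net for net in RFC1918):
            return "http"
        return "https"
    # Hostname case. Assumptions: "localhost" counts as loopback, and the
    # default-domain check is an exact or dot-separated suffix match.
    domain = default_domain.strip(".").lower()
    if host == "localhost":
        return "http"
    if domain and (host == domain or host.endswith("." + domain)):
        return "http"
    return "https"


def plaintext_registries(registries, default_domain):
    """Registries that "auto" would pull over unencrypted http in this model."""
    return [r for r in registries if auto_scheme(r, default_domain) == "http"]


# Constructed sample input: registry references and a default domain.
SAMPLE = ["localhost:5000", "10.1.2.3:5000", "172.32.0.1", "[::1]:5000",
          "registry.box.test", "registry.example.com", "203.0.113.7"]
if __name__ == "__main__":
    print(plaintext_registries(SAMPLE, "box.test"))
```

Under this reading, any registry addressed by an RFC1918 IP is pulled without TLS, including on a shared or untrusted network that hands out private addresses.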