Document how to manually create trust policy for RC1 first run experience

[toddysm]

For RC1 we don't have good experience to create trust policy even for the test scenario notation cert generate-test. We should document the manual steps to create policy for the test cert and place it in the correct place depending on the OS folder structure.

CC:// @zr-msft

[vaninrao10]

@toddysm - Can you please add few scenarios so the documentation covers those user experience. Once we establish the expectation from RC-1 and document the user scenarios described in our meeting, it will help our team to accurately narrate it in the documentation.

[toddysm]

I believe the agreement here was to just document the manual creation of the policy for the test cert as part of the first run experience. We will document the scenarios in notaryproject/notation#438

[yizha1]

@toddysm should we improve the quick start https://notaryproject.dev/docs/quickstart/?

[yizha1]

@toddysm @dtzar How about creating a document of FAQ for user to easily configure trust policies?

• Why do I need to configure a trust policy?
• How do I create multiple policies for different repositories?
• How do I apply a policy for multiple repositories?
• How do I trust any signing certificates?
• How do I trust specific signing certificates?
• How do I apply trust policy for all artifacts?
• Can I use asterisk character * in a repository URI?
• more...

[zr-msft]

@yizha1 @toddysm I think we should keep the current quickstart and create an additional guide/quickstart with this flow. They both have value

[zr-msft]

@toddysm @dtzar How about creating a document of FAQ for user to easily configure trust policies?

• Why do I need to configure a trust policy?

• How do I create multiple policies for different repositories?

• How do I apply a policy for multiple repositories?

• How do I trust any signing certificates?

• How do I trust specific signing certificates?

• How do I apply trust policy for all artifacts?

• Can I use asterisk character * in a repository URI?

• more...

We can create content on all of the above, but I don't think an FAQ is a good fit for everything.

FAQ guides tend to work best when they answer questions and provide context, not necessarily telling a user how to do something.

These are good FAQ questions:

• Why do I need to configure a trust policy?
• Can I use asterisk character * in a repository URI?

Everything else would work better as part of a how-to guide.

[toddysm]

@yizha1 I think the current quick guide https://notaryproject.dev/docs/quickstart/ is good enough. Few comments about it though:

• @zr-msft I believe there are some grammatical and misspelling mistakes, can you proof-read?
• Should this be after the installation guide in the navigation?
• @yizha1 do we need the following:

For users want to enable trust policy for specific repositories, set the registryScopes as following

registryScopes": [ 
    "localhost:5000/net-monitor",
    "localhost:5000/nginx",
    "localhost:5000/hello-world"
]