Merge pull request #8595 from fredlf/signed-image-doco

Expanded release notes
Upstream-commit: 2eb9c0bfd457665840b1bc5b80cc5a967c1ede5d
Component: engine

components/engine/docs/sources/index.md

@@ -110,14 +110,20 @@ ability to configure things like volumes or port mappings before the container
 is started. For example, in a rapid-response scaling situation, you could use
 `create` to prepare and stage ten containers in anticipation of heavy loads.
 
-*New provenance features*
-
-Official images are now signed by Docker, Inc. to improve your confidence and
-security. Look for the blue ribbons on the [Docker Hub](https://hub.docker.com/).
-The Docker Engine has been updated to automatically verify that a given Official
-Repo has a current, valid signature. If no valid signature is detected, Docker
-Engine will use a prior image.
+*Tech preview of new provenance features*
 
+This release offers a sneak peek at new image signing capabilities that are
+currently under development. Soon, these capabilities will allow any image
+author to sign their images to certify they have not been tampered with. For
+this release, Official images are now signed by Docker, Inc. Not only does this
+demonstrate the new functionality, we hope it will improve your confidence in
+the security of Official images. Look for the blue ribbons denoting signed
+images on the [Docker Hub](https://hub.docker.com/).
+The Docker Engine has been updated to automatically verify that a given
+Official Repo has a current, valid signature. When pulling a signed image,
+you'll see a message stating `the image you are pulling has been verified`. If
+no valid signature is detected, Docker Engine will fall back to pulling a
+regular, unsigned image.
 
 *Other improvements & changes*