Define "trusted control plane" #367
Labels: clarification (Clarification of the spec, without changing meaning), slsa 3 (Applies to a SLSA 3 requirement)
Another phrase which occurs a few times in the SLSA requirements but is not clearly defined (or I haven't found the definition!) is trusted control plane.
It would be very useful to have this clearly defined in the SLSA terminology, especially how it could apply to different systems. For example, this phrase would likely mean something different for GitHub Actions, which is hosted and has complete control over the control plane, vs. for something like Tekton, where the trusted control plane depends on how Tekton is configured and also may include components such as Tasks.
(More context available in SLSA + Tekton: Case Study - particularly the section around what trusted control plane could mean for Tekton - the doc is visible to anyone in the mailing list [email protected].)