Define "trusted control plane" #367
Assignees
Labels
clarification
Clarification of the spec, without changing meaning
slsa 3
Applies to a SLSA 3 requirement
Milestone
Comments
MarkLodato
added
clarification
|
+1 to resolving this for v1.0. |
|
This may have been addressed by #568. |
|
This can be further clarified because requirements.md says "trusted control plane" without linking to a definition. Simple solution is to link to the corresponding page in verifying build systems. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Another phrase which occurs a few times in the SLSA requirements but is not clearly defined (or I haven't found the definition!) is trusted control plane.
It would be very useful to have this clearly defined in the SLSA terminology, especially how it could apply to different systems, for example this phrase would likely mean something different for GitHub Actions which is hosted and has complete control over the control plane vs. for something like Tekton where the trusted control plane depends on how Tekton is configured and also may include components such as Tasks
(More context available in SLSA + Tekton: Case Study - particularly the section around what trusted control plane could mean for Tekton - the doc is visible to anyone in mailing list [email protected] ).
The text was updated successfully, but these errors were encountered: