Add SLSA conformance to requirements page #572
slsa-framework#515 Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
I'm thrilled with the progress we've made so far. There are a few areas we can refine to make things even better.
Thanks @kpk47!
Co-authored-by: Arnaud J Le Hors <[email protected]> Signed-off-by: kpk47 <[email protected]>
Co-authored-by: Joshua Mulliken <[email protected]> Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
I'd like to hear @lehors's opinion as well.
I must admit that I don't see much value in the AUDITOR section. It merely contains a MAY and a couple of SHOULDs that don't buy us much.
I would much prefer that we scrap this off and instead add that consumers MUST ensure that the build systems they depend on are conformant and that to do so they can either do their own audit leveraging the prompts in the verifying systems or leverage the certification program which lists conformant systems.
We can leave it to the certification program to get into the details of what certifiers are required to do.
Co-authored-by: Mark Lodato <[email protected]> Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
@kpk47 I think it was premature to merge this. I said that I thought the AUDITOR section should be deleted and @MarkLodato agreed.
I'm so sorry. I'm still not used to tracking code reviews in GitHub and thought that I'd addressed all the open comments. I'll send another PR.
* Add SLSA conformance to requirements page
  slsa-framework#515
  Signed-off-by: kpk47 <[email protected]>
* lint
  Signed-off-by: kpk47 <[email protected]>
* Update docs/spec/v1.0/requirements.md
  Co-authored-by: Arnaud J Le Hors <[email protected]>
  Signed-off-by: kpk47 <[email protected]>
* Update docs/spec/v1.0/requirements.md
  Co-authored-by: Joshua Mulliken <[email protected]>
  Signed-off-by: kpk47 <[email protected]>
* review comments & added requirement that attestation include SLSA levels
  Signed-off-by: kpk47 <[email protected]>
* review comments
  Signed-off-by: kpk47 <[email protected]>
* Update docs/spec/v1.0/requirements.md
  Co-authored-by: Mark Lodato <[email protected]>
  Signed-off-by: kpk47 <[email protected]>
* line wrap
  Signed-off-by: kpk47 <[email protected]>
---------
Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
Co-authored-by: Arnaud J Le Hors <[email protected]>
Co-authored-by: Joshua Mulliken <[email protected]>
Co-authored-by: Mark Lodato <[email protected]>
#515
Signed-off-by: kpk47 [email protected]