Add SLSA conformance to requirements page #572
Conversation
slsa-framework#515 Signed-off-by: kpk47 <[email protected]>
kpk47
requested review from
MarkLodato,
mlieberman85 and
joshuagl
as code owners
✅ Deploy Preview for slsa ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
Signed-off-by: kpk47 <[email protected]>
Co-authored-by: Arnaud J Le Hors <[email protected]> Signed-off-by: kpk47 <[email protected]>
Co-authored-by: Joshua Mulliken <[email protected]> Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
There was a problem hiding this comment.
I must admit that I don't see much value in the AUDITOR section. It merely contains a MAY and a couple of SHOULDs that don't buy us much.
I would much prefer that we scrap this off and instead add that consumers MUST ensure that the build systems they depend on are conformant and that to do so they can either do their own audit leveraging the prompts in the verifying systems or leverage the certification program which lists conformant systems.
We can leave it to the certification program to get into the details of what certifiers are required to do.
Co-authored-by: Mark Lodato <[email protected]> Signed-off-by: kpk47 <[email protected]>
Signed-off-by: kpk47 <[email protected]>
|
@kpk47 I think it was premature to merge this. I said that I thought the AUDITOR section should be deleted and @MarkLodato agreed. |
|
I'm so sorry. I'm still not used to tracking code reviews in GitHub and thought that I'd addressed all the open comments. I'll send another PR. |
* Add SLSA conformance to requirements page slsa-framework#515 Signed-off-by: kpk47 <[email protected]> * lint Signed-off-by: kpk47 <[email protected]> * Update docs/spec/v1.0/requirements.md Co-authored-by: Arnaud J Le Hors <[email protected]> Signed-off-by: kpk47 <[email protected]> * Update docs/spec/v1.0/requirements.md Co-authored-by: Joshua Mulliken <[email protected]> Signed-off-by: kpk47 <[email protected]> * review comments & added requirement that attestation include SLSA levels Signed-off-by: kpk47 <[email protected]> * review comments Signed-off-by: kpk47 <[email protected]> * Update docs/spec/v1.0/requirements.md Co-authored-by: Mark Lodato <[email protected]> Signed-off-by: kpk47 <[email protected]> * line wrap Signed-off-by: kpk47 <[email protected]> --------- Signed-off-by: kpk47 <[email protected]> Signed-off-by: kpk47 <[email protected]> Co-authored-by: Arnaud J Le Hors <[email protected]> Co-authored-by: Joshua Mulliken <[email protected]> Co-authored-by: Mark Lodato <[email protected]>
#515
Signed-off-by: kpk47 [email protected]