• Mark Lodato's avatar
    Rework SLSA requirements. · 2b328fb8
    Mark Lodato authored
    SLSA 1 is now fully defined and has lower requirements.
    Major changes:
    - Replace "Readability" with "Version Control", removed at SLSA 1.
    - Add "Build Service", required at SLSA 2.
    - Split "Provenance" into three rows, and do not require tamper
      resistance (e.g. signing) until SLSA 2.
    - Remove "Enforcement". This is now orthogonal to the level.
    - Do not require "Logging", "Policy", or "Common" until SLSA 2.
    - Simplify "Policy" to not talk about build entry point.
    Minor changes:
    - Rename "Change History" to "Verified History".