• Mark Lodato's avatar
    Remove Resource and Deploy to simplify the model. · 03699118
    Mark Lodato authored
    Previously, we differentiated between Resources and Artifacts, and SLSA
    was a property of a Resource's security policy. However, many readers
    found this concept very confusing.
    
    Now, SLSA is purely a property of the artifact. If provenance exists
    showing that it met the requirements, the artifact meets the level. No
    policy or notion of "resource" is required. This simplifies the model at
    some cost of security, which we have collectively decided is worth the
    trade-off.
    
    NOTE: The Vision section will be updated in a future change.
    03699118