• Mark Lodato's avatar
    Clarify SLSA requirements. · d0c79147
    Mark Lodato authored
    Changes to requirements:
    - Remove "Source Integrity", add immutable references to "Hermetic".
    - Drop "Common" from SLSA 2 because it is likely expensive.
    - Split out "Ephemeral Environment" from "Isolation" (from #52).
    - Explain that GH-generated merge commits meet Verified History (from #52).
    - Clarify that all artifact references are immutable (from #52).
    - Rename "Dependencies" to "Dependencies Complete" to avoid confusion.
    - Define "SLSA level", "provenance", and "top-level source."
    - Other minor cleanups.