Unverified commit fdbc0ed7, authored by Tom Hennen, committed by GitHub

Fix numbering.

parent 5bfb221f
......@@ -13,11 +13,11 @@ Fooly can acheive these goals when publishing their app by:
2. Upgrading their build system to meet higher SLSA levels.
3. Ensuring the Fooly app **MUST** go through a secure choke-point in order to be published/signed.
4. Have the choke-point check the candiate Fooly app against it's provenance, checking:
1. That the expected builder created it.
2. That the builder meets some minimum SLSA level
3. That the source repos listed in the provenance meet some minimum SLSA level
4. That the build entry point listed in the provenance is what they expect
5. (TBD) That the binary dependencies listed in the provenance meet some minimum SLSA level
1. That the expected builder created it.
2. That the builder meets some minimum SLSA level
3. That the source repos listed in the provenance meet some minimum SLSA level
4. That the build entry point listed in the provenance is what they expect
5. (TBD) That the binary dependencies listed in the provenance meet some minimum SLSA level
5. Only publishing the app if all the checks in #4 pass.
This approach allows Fooly to acheive their goals without requiring any changes from their users
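Review bot: Step 5 points at the provenance checks by the hard-coded label "#4", a reference that goes stale whenever the list is renumbered; wording it as "all the provenance checks above pass" would survive future numbering changes. The unchanged lines around the renumbered sub-items also carry typos that could be fixed in the same commit: "candiate" and "it's provenance" in step 4 (should be "candidate" and "its"), and "acheive" in the closing sentence. Step 4 also opens with "Have" where steps 2, 3 and 5 use "Upgrading", "Ensuring" and "Only publishing"; "Having" would keep the list parallel.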
......