This project is mirrored from https://github.com/slsa-framework/slsa.git. Pull mirroring updated .
  1. 24 Jun, 2021 2 commits
  2. 23 Jun, 2021 6 commits
  3. 22 Jun, 2021 7 commits
  4. 21 Jun, 2021 6 commits
  5. 18 Jun, 2021 1 commit
  6. 17 Jun, 2021 3 commits
  7. 14 Jun, 2021 2 commits
  8. 11 Jun, 2021 2 commits
  9. 10 Jun, 2021 4 commits
  10. 09 Jun, 2021 4 commits
    • Mark Lodato's avatar
      Merge pull request #56 from MarkLodato/provisional · 21e12e71
      Mark Lodato authored
      Remove "proposed" wording.
      21e12e71
    • Mark Lodato's avatar
      Remove "proposed" wording. · 529afa03
      Mark Lodato authored
      Minor changes to remove the notion that this is a "proposal" and instead
      just describe SLSA as it is.
      
      Also explain that levels 2-3 are likely to change in the future, rather
      than using some sort of symbol (*) or term (provisional), since
      technically all requirements are subject to change. It's just that 2-3
      are more likely to change.
      529afa03
    • Mark Lodato's avatar
      Merge pull request #55 from MarkLodato/clarification · acc814a1
      Mark Lodato authored
      Clarify SLSA requirements.
      acc814a1
    • Mark Lodato's avatar
      Clarify SLSA requirements. · d0c79147
      Mark Lodato authored
      Changes to requirements:
      - Remove "Source Integrity", add immutable references to "Hermetic".
      - Drop "Common" from SLSA 2 because it is likely expensive.
      
      Clarifications:
      - Split out "Ephemeral Environment" from "Isolation" (from #52).
      - Explain that GH-generated merge commits meet Verified History (from #52).
      - Clarify that all artifact references are immutable (from #52).
      - Rename "Dependencies" to "Dependencies Complete" to avoid confusion.
      - Define "SLSA level", "provenance", and "top-level source."
      - Other minor cleanups.
      d0c79147
  11. 08 Jun, 2021 3 commits
    • Mark Lodato's avatar
      Merge pull request #54 from MarkLodato/diagrams · 17b77918
      Mark Lodato authored
      Update Vision section with latest changes.
      17b77918
    • Mark Lodato's avatar
      Update Vision section with latest changes. · 6ee42edd
      Mark Lodato authored
      - Make the vision diagrams consistent with the terminology section:
        - Output is on the right, input is on the left.
        - Use colors consistently.
        - Rename "resource" to "artifact locator".
        - Simplify the diagram to reduce confusion (fixes #31).
      - Update the level explanations based on recent changes:
        - SLSA 1 is unsigned.
        - Add SLSA 1.5 (merged with the SLSA 2 section).
        - Minor wording updates.
      - Remove Deployment Policies section. We will eventually need to explain
        policies, but for now let's omit it until we agree on what that should
        look like.
      6ee42edd
    • Mark Lodato's avatar
      Merge pull request #53 from MarkLodato/terminology · 6f552a33
      Mark Lodato authored
      Remove Resource and Deploy to simplify the model.
      6f552a33