[Bug Infrastructure/29615] prototype & document SOP for signed-git-op repo

mark at klomp dot org sourceware-bugzilla@sourceware.org
Tue Sep 27 11:45:57 GMT 2022


https://sourceware.org/bugzilla/show_bug.cgi?id=29615

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
It would be nice to go through the source integrity threats identified in
https://slsa.dev/spec/v0.1/threats

For a sourceware project that means checking section (A) "Submit unauthorized
change" of:
https://slsa.dev/spec/v0.1/threats#source-integrity-threats

Almost all of those are policy issues, but it would be good to note where our
setup doesn't support adopting a specific policy change (if wanted, I think
some of these policy changes are a bit heavy-handed, not everybody wants to be
SLSA4 compliant, but it would be nice to make sure that technically a project
can choose to adopt them).

-- 
You are receiving this mail because:
You are the assignee for the bug.

