[Bug Infrastructure/29615] prototype & document SOP for signed-git-op repo
mark at klomp dot org
sourceware-bugzilla@sourceware.org
Tue Sep 27 11:45:57 GMT 2022
https://sourceware.org/bugzilla/show_bug.cgi?id=29615
Mark Wielaard <mark at klomp dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mark at klomp dot org
--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
It would be nice to go through the source integrity threats identified in
https://slsa.dev/spec/v0.1/threats
For a sourceware project that means checking section (A) "Submit unauthorized
change" of:
https://slsa.dev/spec/v0.1/threats#source-integrity-threats
Almost all of those are policy issues, but it would be good to note where our
setup doesn't support adopting a specific policy change (if wanted, I think
some of these policy changes are a bit heavy-handed, not everybody wants to be
SLSA4 compliant, but it would be nice to make sure that technically a project
can choose to adopt them).
--
You are receiving this mail because:
You are the assignee for the bug.