[Bug Infrastructure/29615] prototype & document SOP for signed-git-op repo

mark at klomp dot org sourceware-bugzilla@sourceware.org
Tue Sep 27 11:45:57 GMT 2022


Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
                 CC|                            |mark at klomp dot org

--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
It would be nice to go through the source integrity threats identified in

For a sourceware project that means checking section (A) "Submit unauthorized
change" of:

Almost all of those are policy issues, but it would be good to note where our
setup doesn't support adopting a specific policy change (if wanted, I think
some of there policy changes are a bit heavy-handed, not everybody wants to be
SLSA4 compliant, but it would be nice to make sure that technically a project
can choose to adopt them).

You are receiving this mail because:
You are the assignee for the bug.

More information about the Overseers mailing list