-
(I recently attended Open Source Summit in Vancouver, and this issue is based on a convo with Anne Bertucio from Google, who directed me to post an issue here. Apologies in advance if there is a bette…
-
A company that does SLSA will likely have more requirements than are strictly defined in the SLSA specification. For example, they might have requirements about two-party review (not in SLSA v1.0), or…
-
When creating a new workflow using the suggested "Java with Maven" it includes the maven dependancy submission action.
For example:
```yaml
name: Java CI with Maven
on:
push:
branche…
-
Hi, I read occlum's paper and tried occlum, but I have a question about it.
Suppose a user wants to run a trusted program to process his private data on a cloud machine. But the program does not use …
-
### Brief description of your issue
I'm trying to search for a software on msstore specifically with winget 1.4.10173 and I get this error message :
Failed when opening source(s); try the 'sourc…
-
I am using please build and would love to see some provenance attestation data being output when I run the build. Lately the requests in open source for provenance data is growing and also in the busi…
-
/kind feature
**Why you need this feature:**
We need this implemented so we can deliver a more mature, stable, secure, trusted and commercially supported Kubeflow release.
Currently, we don't …
-
**Description**
Positioning SIG would like to create a webinar or video _(may be a series)_ to deep dive into SLSA implementation._(Length TBD)_
**Background**
From [June 14th Meeting](https://do…
-
We need a better plan for how to integrate link files, the layout, delegated layouts, etc. into software we distribute. Asking the user to copy a bunch of things really doesn't cut it.
Should th…
-
Hello, I noticed this project uses PGP signatures and wanted to make you all aware of [my proposed PEP](https://peps.python.org/pep-0761/) for deprecating PGP signatures in future Python versions. Ple…