in-toto / in-toto.github.io

In-toto's website.
https://in-toto.io
MIT License

On-going integrations page isn't particularly helpful #11

Open ultrasaurus opened 5 years ago

ultrasaurus commented 5 years ago

https://in-toto.github.io/integrations.html -- I'd expect links to open issues or other information on each project.

For example: "We are actively working with the debian community" -- if I worked on Debian, I'd want a pointer to where these discussions are taking place, maybe an open issue (in your repo or theirs) or mailing list or wiki page...

lukpueh commented 5 years ago

Here's a collection of resources that we could work into the items on the integrations page (plus some additional items):

Reproducible builds (mostly for Debian)
- https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup
- https://github.com/in-toto/apt-transport-in-toto
- https://ssl.engineering.nyu.edu/blog/2019-01-18-in-toto-paris

Debian
- https://debconf17.debconf.org/talks/100/
- https://in-toto.github.io/examples/debian.html

Kubernetes
- https://github.com/in-toto/kubectl-in-toto
- https://github.com/in-toto/in-toto-webhook
- https://github.com/in-toto/in-toto-golang
- https://ssl.engineering.nyu.edu/blog/2018-10-08-in-toto-tuf-book

Grafeas
- https://www.youtube.com/watch?v=05zN-YQxEAM
- https://cloud.google.com/blog/products/gcp/exploring-container-security-digging-into-grafeas-container-image-metadata
- https://github.com/in-toto/totoify-grafeas
- https://github.com/in-toto/demo-jekyll

Control Plane
- https://control-plane.io/posts/kubernetes-predictions-for-2019/
- https://lists.archlinux.org/pipermail/pacman-dev/2017-September/022123.html

Jenkins
- https://plugins.jenkins.io/in-toto
- https://github.com/in-toto/in-toto-java

git
- https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/torres-arias
- https://public-inbox.org/git/20170117233723.23897-1-santiago@nyu.edu/

ArchLinux
- https://git.archlinux.org/pacman.git/commit/?id=39319c1860d200a9b4a3cc2c6975e3cece502f2d

OpenSuse
- https://github.com/in-toto/demo-opensuse

Polypasswordhasher
- https://in-toto.github.io/examples/polypasswordhasher.html

Seattle
- https://in-toto.github.io/examples/seattle.html

@SantiagoTorres, do you have any additional pointers especially for: repeatr, docker, control plane, archlinux, spdx, govready?

lukpueh commented 5 years ago

Datadog https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/

SantiagoTorres commented 5 years ago

I wonder if 1682bd7 and 3655ddf resolve this issue (even if partially). Do you think we need bigger changes, @ultrasaurus?

lukpueh commented 5 years ago

What about the other items I listed links for, i.e. Grafeas, Kubernetes, Control Plane, Jenkins (IMHO we can skip Seattle and PPH)? And the other things I asked you about, i.e. repeatr, docker, spdx, govready?