What's an SCC?

[TBBle]

The spec refers to an SCC. Is that intended to be SSC? That doesn't quite fit the sentence though, it seems like it's a tool or environment, rather than the SSC which is defined as a series of steps.

Same thing showed up in 0.9 too.

[lukpueh]

Thanks for submitting this issue. It is indeed a typo and should be SSC, short for Software Supply Chain.

Not sure why it shouldn't fit in though. The software supply chain is a series of steps, and the supply chain layout defines this series of steps required for a particular software product.

[TBBle]

I'm just having a hard time parsing it, because they're both series of steps, but one is carried out in the other? I think "in" is the wrong connector...

I'm unsure if it's intended to be "from", i.e. the SSC contains all possible steps, and the layout specifies a which steps, in what order, and their requirements and actors;

a signed file that dictates the series of steps that need to be carried out from the SSC to create a final product

or if it's actually that the layout is just the signed record format for the (conceptual) SSC for a project, and in this case the words "the series of steps that need to be carried out in" could be removed to clarify this.

a signed file that dictates the SSC to create a final product

I would guess it's actually the latter, based on later usage such as "Project owner: defines the layout of a software supply chain".

It's also possible there's another, intended, parsing of this sentence that is completely bypassing me.

[lukpueh]

It's the latter. As both co-author and non-native english speaker, it's hard to spot such ambiguities. I'm fine with your second suggestion though, especially since the steps are mentioned in the subsequent sentence.

Let's see what our chief of words, @jhdalek55, has to say. :)

[jhdalek55]

I'll take a look. I think I need to see the phrase in context.

[lukpueh]

Thanks, Lois! It's the first sentence in this paragraph, i.e.:

a signed file that dictates the series of steps that need to be carried out in the SCC to create a final product.

[jhdalek55]

Ok..In terms of grammatical issues "in" or "within" probably is the more accurate choice. However, given that you just defined what a software supply chain is, I think there is no need to repeat the phrase "the series of steps that need to be carried out in the SCC." I would suggest: "a signed file that dictates which SSC steps are required to create the desired final product." It is less wordy and therefore clearer.