Open junyer opened 7 months ago
https://github.com/ossf/scorecard/blob/b577d79c96b76e6d3f17dd46003ac336b8ee4885/docs/checks.md?plain=1#L607-L613
In light of CVE-2024-3094, could the Signed-Releases remediation steps not encourage manual manipulation of the source code archives? :P
FWIW, I filed this feature request for SLSA folks five months ago. Earlier today, I stopped waiting and wrote this workflow using Sigstore instead.
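The kind of release workflow the issue points at, as an added example (not junyer's workflow, not code from the scorecard project): the source archive is produced directly from the tagged commit with `git archive`, so the published tarball cannot drift from what is in version control (the failure mode behind CVE-2024-3094), and it is signed keylessly with Sigstore using the workflow's own GitHub OIDC identity. The tag pattern, action versions, file names and the `OWNER/REPO` placeholder are assumptions.

```yaml
# Added example: build the source archive from the tag and sign it with Sigstore.
# Assumed tag pattern, action versions and artifact names; OWNER/REPO is a placeholder.
name: release
on:
  push:
    tags: ["v*"]

permissions:
  contents: write   # upload release assets
  id-token: write   # mint the OIDC token cosign uses for keyless signing

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: sigstore/cosign-installer@v3

      # The archive comes straight out of git; nobody hand-edits or re-packs it.
      - name: Build source archive from the tagged commit
        run: |
          ARCHIVE="src-${GITHUB_REF_NAME}.tar.gz"
          git archive --format=tar.gz \
            --prefix="${GITHUB_REPOSITORY#*/}-${GITHUB_REF_NAME#v}/" \
            -o "${ARCHIVE}" "${GITHUB_REF_NAME}"
          sha256sum "${ARCHIVE}" > SHA256SUMS

      # Keyless signing: the certificate binds the signature to this repo + workflow.
      - name: Sign the archive with Sigstore
        run: |
          ARCHIVE="src-${GITHUB_REF_NAME}.tar.gz"
          cosign sign-blob --yes --bundle "${ARCHIVE}.sigstore.json" "${ARCHIVE}"

      - name: Publish release with archive, bundle and checksums
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh release create "${GITHUB_REF_NAME}" \
            "src-${GITHUB_REF_NAME}.tar.gz" \
            "src-${GITHUB_REF_NAME}.tar.gz.sigstore.json" \
            SHA256SUMS

# Consumers verify that the archive was signed by this repository's workflow
# (OWNER/REPO is a placeholder for the real repository):
#   cosign verify-blob \
#     --bundle src-v1.2.3.tar.gz.sigstore.json \
#     --certificate-identity-regexp '^https://github.com/OWNER/REPO/' \
#     --certificate-oidc-issuer https://token.actions.githubusercontent.com \
#     src-v1.2.3.tar.gz
```

The point of `git archive` here is that the signature then attests to a tarball anyone can regenerate from the tag and compare byte-for-byte (or by content hash), which a signature over a manually assembled archive cannot offer; the `--certificate-identity-regexp` check on the consumer side is what ties the signature to the workflow rather than to whoever happened to hold a key.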
This issue has been marked stale because it has been open for 60 days with no activity.