Open TomHennen opened 1 week ago
Source control platforms will typically provide an identity model too.
That identity is what would typically be used to build out "authentic contributions." Source control platforms will also provide timestamps for activities.
_Originally posted by @zachariahcox in https://github.com/slsa-framework/slsa/pull/1037#discussion_r1588328403_
The gist of the issue is ensuring the 'source control platform' definition is complete and includes the identity services they provide.
See also this discussion
That identity is what would typically be used to build out "authentic contributions." Source control platforms will also provide timestamps for activities.
_Originally posted by @zachariahcox in https://github.com/slsa-framework/slsa/pull/1037#discussion_r1588328403_