slsa-framework / slsa

Supply-chain Levels for Software Artifacts
https://slsa.dev

Source control platforms also provide identity #1075

Open TomHennen opened 1 week ago

TomHennen commented 1 week ago
Source control platforms will typically provide an identity model too.

That identity is what would typically be used to build out "authentic contributions." Source control platforms will also provide timestamps for activities.

_Originally posted by @zachariahcox in https://github.com/slsa-framework/slsa/pull/1037#discussion_r1588328403_

TomHennen commented 1 week ago

The gist of the issue is ensuring the 'source control platform' definition is complete and includes the identity services they provide.

See also this discussion