Open TomHennen opened 1 week ago
@joshuagl notes that in SLSA v1 we provide guidance to consumers on how to evaluate build platforms https://slsa.dev/spec/v1.0/verifying-systems.
We should do something similar for source.
See discussion here
@joshuagl notes that in SLSA v1 we provide guidance to consumers on how to evaluate build platforms https://slsa.dev/spec/v1.0/verifying-systems.
We should do something similar for source.