slsa-framework / slsa

Supply-chain Levels for Software Artifacts
https://slsa.dev

Discussion on path to S2C2F aligning with SLSA as its dependency track #1105

Open camaleon2016 opened 1 month ago

camaleon2016 commented 1 month ago

Based on discussions within the Supply Chain Integrity working group and the S2C2F Project, we wanted to open discussions on a path for S2C2F to align with SLSA as its dependency track. This would be contingent on SLSA's Source and Build tracks being completed and a clear understanding of the strategic direction, path, and roadmap. @mlieberman85 @marcelamelara @hepwori

hepwori commented 1 month ago

Great timing! @meder has done some early sketches of goals, scope, and shape of a possible dependency track. He'd be a great person to pull in here too.

meder commented 1 month ago

Thanks, would love to collaborate. The dependency track issue is here: https://github.com/slsa-framework/slsa/issues/961. You can see the first draft there, which will be reworked based on feedback.

hepwori commented 3 weeks ago

Update on this: as planned, folks from S2C2F and from SLSA Specification met this week to discuss this idea.

Attendees: @adriandiglio @camaleon2016 @haydentherapper @hepwori @meder

Discussion points:

Next steps:

Others — please chime in if I missed or misrepresented anything!

tombedfordgit commented 1 week ago

Hey @meder, were you able to produce the first draft of track principles? As we discuss this opportunity within the S2C2F community, it'd be really useful to understand the delta we'd encounter today. Thanks!

meder commented 2 days ago

@tombedfordgit I should have something to share next week.