Open camaleon2016 opened 1 month ago
Great timing! @meder has done some early sketches of goals, scope, and shape of a possible dependency track. He'd be a great person to pull in here too.
Thanks, would love to collaborate. Dependency track issue is here: https://github.com/slsa-framework/slsa/issues/961. You can see the first draft there, which will be reworked based on feedback.
Update on this: as planned, folks from S2C2F and from SLSA Specification met this week to discuss this idea.
Attendees: @adriandiglio @camaleon2016 @haydentherapper @hepwori @meder
Discussion points:
Next steps:
Others — please chime in if I missed or misrepresented anything!
Hey @meder, were you able to produce the first draft of track principles? As we discuss this opportunity within the S2C2F community, it'd be really useful to understand the delta we'd encounter today. Thanks!
@tombedfordgit I should have something to share next week.
Based on discussions within the Supply Chain integrity working group and S2C2F Project, we wanted to open discussions on a path for S2C2F to align with SLSA as its dependency track. This would be contingent on SLSA's Source and Build tracks being completed and a clear understanding of the strategic direction, path, and roadmap. @mlieberman85 @marcelamelara @hepwori