Open TomHennen opened 3 weeks ago
@zachariahcox
yeah, like "as reliable as the issuer?" I doubt if they will always be auditable or verifiable in anyway. It would feel more or less like "SCP says X with no real way to prove it. Trust it or don't."
yeah, are issuers "reliable?" I guess the answer is "hopefully!"
I'd support cutting this word if it's confusing things.
@TomHennen I left a comment on the linked pr. maybe "authentic" is the best we can claim here.
_Originally posted by @marcelamelara in https://github.com/slsa-framework/slsa/pull/1094#discussion_r1722231751_