search

slsa-framework / slsa

Supply-chain Levels for Software Artifacts
https://slsa.dev
Other
1.54k stars 223 forks source link

Source 'systems' need strong auth too, not just change management tools #1199

Open TomHennen opened 2 days ago

TomHennen commented 2 days ago

In this PR comment @zachariahcox says

I think the platform [system] would also need strong auth too at l3, right?

And I think that's right. Filing this issue to fix.

TomHennen commented 2 days ago

In fact I think the text for strong auth under 'change management tool' probably needs updating too.

TomHennen commented 2 days ago

Actually, maybe we just move it entirely. I think listing it with the change management tool might be redundant.