tomberek / slsa-demo

SLSA v1.0 assessment #1

Open lietapa opened 4 months ago

lietapa commented 4 months ago

I am trying to assess the SLSA level when using Nix, referring to SLSA v1.0, published in April 2023. Since it requires less than its draft versions, I presume compliance is quite straightforward. However, not being a specialist might make me miss some details. Would you be willing to update this to SLSA v1.0?

Related: https://discourse.nixos.org/t/over-10-million-donated-for-supply-chain-security-an-opertunity-for-growth-and-adoption/15508/3

tomberek commented 4 months ago

Looks like a lot has changed. Yes, I'd like to go through it and provide a review. There is a Matrix group at (#slsa:nixos.org) that has some people interested in this topic; please join and coordinate there? (Or if that doesn't work, let me know what would be better to coordinate.)

lietapa commented 4 months ago

I am afraid I won't have much input to provide, but am eagerly interested in the result. I have joined the Matrix room if needed. The Discourse conversation is probably the most visible place to exchange.