sbp commented on issue #286:
URL: 
https://github.com/apache/tooling-trusted-releases/issues/286#issuecomment-3589973826

   What makes this even more complex is that the immutable fields don't 
necessarily correspond to the full set of fields which affect attestations. If 
we make it possible to edit the compose workflow paths before uploading new 
revisions, for example, I would say that we need to record the compose workflow 
paths that were enabled for each file, i.e. the state during each revision, 
because that field actually affects compose revisions rather than just the 
compose phase as a whole.
   
   Making all fields which are associated with attestations immutable after the 
phase has started would simplify the model a lot, but could cause usability 
problems for RMs.
   
   I think that we have phase immutable fields, and we have revision immutable 
fields. That's complex, but we can probably cope with it. It would be like 
this, where `[P]` means immutable and frozen at the start of the phase, `[R]` 
means immutable and frozen at the start of the revision (which is barely 
immutable because then it's not used for anything during the revision because a 
revision is a snapshot; it's essentially just a copy that we're making), and 
`[?]` and `[-]` are unknown and always mutable.
   
   **Compose**:
   
   Source artifact paths - **[P]**
   Binary artifact paths - **[P]**
   GitHub repository name - **[R]**
   GitHub compose workflow paths - **[R]**
   Strict checking - **[-]**
   
   **Vote**:
   
   GitHub vote workflow paths - **[R]**
   Email - **[P]**
   Manual voting process - **[P]**
   Minimum voting period - **[P]**
   Pause for RM - **[?]**
   Release checklist - **[-]**
   Start vote template - **[-]**
   
   **Finish**:
   
   GitHub finish workflow paths - **[R]**
   Announce release template - **[-]**
   Preserve download files - **[-]**
   
   All of the GitHub metadata is per revision, and the rest is either per phase 
immutable or mutable.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
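
The model described in the comment above, as an added Python sketch that is not part of the original comment and not code from the tooling-trusted-releases project: `[P]` fields reject edits once the phase has started, and `[R]` fields stay editable but are copied into every revision. The class, method and snake_case field names are hypothetical, and treating `[?]` as mutable is an assumption.

```python
import copy
from enum import Enum

class Freeze(Enum):
    PHASE = "P"     # frozen at the start of the phase
    REVISION = "R"  # snapshotted into every revision
    MUTABLE = "-"   # always editable
    UNKNOWN = "?"   # undecided in the comment; treated as mutable here

P, R, M, U = Freeze.PHASE, Freeze.REVISION, Freeze.MUTABLE, Freeze.UNKNOWN
# Classification taken from the comment; the snake_case keys are hypothetical.
POLICY = {
    "compose": {"source_artifact_paths": P, "binary_artifact_paths": P,
                "github_repository_name": R,
                "github_compose_workflow_paths": R, "strict_checking": M},
    "vote": {"github_vote_workflow_paths": R, "email": P,
             "manual_voting_process": P, "minimum_voting_period": P,
             "pause_for_rm": U, "release_checklist": M,
             "start_vote_template": M},
    "finish": {"github_finish_workflow_paths": R,
               "announce_release_template": M,
               "preserve_download_files": M},
}

class PhaseState:
    """Settings for one phase plus the per-revision snapshots."""
    def __init__(self, phase, settings):
        unclassified = set(settings) - set(POLICY[phase])
        if unclassified:
            raise KeyError(f"unclassified fields: {sorted(unclassified)}")
        self.phase, self.settings = phase, dict(settings)
        self.started, self.revisions = False, []

    def start(self):
        self.started = True

    def edit(self, name, value):
        rule = POLICY[self.phase][name]  # KeyError for unclassified fields
        if rule is Freeze.PHASE and self.started:
            raise PermissionError(f"{name} is frozen for the {self.phase} phase")
        self.settings[name] = value

    def new_revision(self):
        """Record the [R] values in force so an attestation can cite them."""
        snap = {k: copy.deepcopy(v) for k, v in self.settings.items()
                if POLICY[self.phase][k] is Freeze.REVISION}
        self.revisions.append(snap)
        return len(self.revisions) - 1
```
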

