At Monday's Build Profile meeting, we looked at SLSA Provenance v0.2
<https://slsa.dev/provenance/v0.2> as prior art for the build profile
schema. As promised, here is a list of the known issues with v0.2 that can
hopefully be improved upon in the SPDX Build Profile:
https://github.com/slsa-framework/slsa/issues/460

Reminder: the larger SLSA framework is out of scope. We're just talking
about the SLSA Provenance schema, which overlaps heavily with the SPDX
Build Profile.

I personally am hoping that the Build Profile can satisfy all of SLSA's
needs so that we can deprecate the SLSA Provenance format, but there has
not yet been community discussion on this topic, let alone consensus.

Best,
Mark Lodato

