Hmm, what could we do in SLSA that would make this better in the future? On Wed, Aug 14, 2024 at 2:51 PM Brandon Lum <[email protected]> wrote:
> Hmm... i think that perhaps we should snapshot the definitions. I think it > may be a bit late to rename these variables but at least we can be > consistent with the definitions since SLSA is one of a few applications of > the build profile. > My thought is to have a "patch version" size documentation change to > change the statement. > > FYI @Tom Hennen <[email protected]> from the SLSA side. > > "Definitions of "buildType", "configSourceEntrypoint", "configSourceUri", > "parameters" and "environment" follow those defined in SLSA Provenance > v0.2 <https://slsa.dev/provenance/v0.2>." > > > On Thu, Aug 8, 2024 at 2:24 PM Nisha Kumar <[email protected]> wrote: > >> Hi There, >> >> SLSA 1.0 has some breaking changes that conflict with some Build Profile >> terms. Specifically, some provenance terms have been lifted off SLSA 0.2 >> that have now been removed from SLSA 1.0 >> <https://slsa.dev/spec/v1.0/provenance#v10>. I would like to re-align >> the SPDX 3.0 build profile with SLSA 1.0. Should we restart the build >> profile meetings for this? >> >> --- >> nisha >> >> -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5703): https://lists.spdx.org/g/Spdx-tech/message/5703 Mute This Topic: https://lists.spdx.org/mt/107795144/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
smime.p7s
Description: S/MIME Cryptographic Signature
