Thanks for the heads up Gary, we'll get together as Nisha suggested and see if we can put something together that should be generic enough for future iteration.
On Thu, Aug 15, 2024 at 12:17 PM Gary O'Neall via lists.spdx.org <gary= [email protected]> wrote: > Just a note – we’re about to freeze the 3.0.1 patch release which already > contains some corrections which may be considered “breaking” – if these > changes to the SPDX spec may be breaking, we may want to get those changes > in very soon. > > > > Gary > > > > *From:* [email protected] <[email protected]> *On Behalf Of > *Tom Hennen via lists.spdx.org > *Sent:* Wednesday, August 14, 2024 11:01 AM > *To:* Brandon Lum <[email protected]> > *Cc:* Nisha Kumar <[email protected]>; SPDX Technical Mailing List < > [email protected]>; Joshua Watt <[email protected]> > *Subject:* Re: [spdx-tech] Align SLSA 1.0 with SPDX 3.0 build profile > > > > Hmm, what could we do in SLSA that would make this better in the future? > > > > On Wed, Aug 14, 2024 at 2:51 PM Brandon Lum <[email protected]> wrote: > > Hmm... i think that perhaps we should snapshot the definitions. I think it > may be a bit late to rename these variables but at least we can be > consistent with the definitions since SLSA is one of a few applications of > the build profile. > > My thought is to have a "patch version" size documentation change to > change the statement. > > > > FYI @Tom Hennen <[email protected]> from the SLSA side. > > "Definitions of "buildType", "configSourceEntrypoint", "configSourceUri", > "parameters" and "environment" follow those defined in SLSA Provenance > v0.2 <https://slsa.dev/provenance/v0.2>." > > > > > > On Thu, Aug 8, 2024 at 2:24 PM Nisha Kumar <[email protected]> wrote: > > Hi There, > > SLSA 1.0 has some breaking changes that conflict with some Build Profile > terms. Specifically, some provenance terms have been lifted off SLSA 0.2 > that have now been removed from SLSA 1.0 > <https://slsa.dev/spec/v1.0/provenance#v10>. I would like to re-align the > SPDX 3.0 build profile with SLSA 1.0. Should we restart the build profile > meetings for this? > > --- > > nisha > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5709): https://lists.spdx.org/g/Spdx-tech/message/5709 Mute This Topic: https://lists.spdx.org/mt/107795144/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
