New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Source track attestation claims #1042

Open

laurentsimon opened this issue Apr 8, 2024 · 1 comment

Contributor

laurentsimon commented Apr 8, 2024 •

edited

Tracking issue for #1037 (comment)

Main comments:

The current claims are a mix of policy (who's allowed to review) and facts (who reviewed).
The current use case is useful when consumers and producers are the same but does not help for consumption of other (open source) projects

Current suggestion: Separate policy and fact claims, like we do in build track.

kpk47 mentioned this issue

content: Add draft of the Source track. #1037

Open

Contributor

marcelamelara commented May 3, 2024

Also to consider in this context is the currently open PR on human review predicates: in-toto/attestation#151

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment