Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify that it's the CI's control plane that gives it privileged access #1211

Open
marcelamelara opened this issue Oct 21, 2024 · 0 comments
Open

Clarify that it's the CI's control plane that gives it privileged access #1211

marcelamelara opened this issue Oct 21, 2024 · 0 comments
Labels
build-environment-track Issues/PRs related to the SLSA BuildEnv track

Comments

@marcelamelara
Copy link
Contributor

I think that this statement isn't quite correct. It MAY be the case for build L2, but it MUST NOT be the case for build L3.

Are you considering this from the perspective of the infrastructure running the build platform. If the infrastructure is compromised then this may be the case even if it isn't the case from a running build itself?

Originally posted by @arewm in #1115 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build-environment-track Issues/PRs related to the SLSA BuildEnv track
Projects
Issue triage
Status: 🆕 New
SLSA Attested Build Environment Track
Status: Ready
Milestone
No milestone
Development

No branches or pull requests
1 participant
@marcelamelara