Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Safe Expunging and 'legal' restrictions #1222

Open
TomHennen opened this issue Oct 25, 2024 · 1 comment
Open

Safe Expunging and 'legal' restrictions #1222

TomHennen opened this issue Oct 25, 2024 · 1 comment
Labels
source-track

Comments

@TomHennen
Copy link
Contributor

I'm also not sure the scs can be on the hook for enforcing that the data removals were for legal reasons.
Generally I think "the owner of the intellectual property in the repo (the root repo owner, in gh terms) can remove data. They should only do this for legal or privacy reasons due to the risk of severe reputational consequences (damage to artifact chain of custody)." Ie: it's indistinguishable from a repo hijack so you should have a good reason.

Originally posted by @zachariahcox in #1203 (review)
@github-project-automation github-project-automation bot moved this to 🆕 New in Issue triage Oct 25, 2024
@TomHennen
Copy link
Contributor Author

That's probably right. One thing I was thinking of doing is following the build tracks example and making it clear which requirements are on the Organization (build track calls it the producer) and which are on the SCS.

I think that would resolve this?

@TomHennen TomHennen mentioned this issue Oct 25, 2024
Merged
@zachariahcox zachariahcox moved this to In review in SLSA Source Track Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
source-track
Projects
Issue triage
Status: 🆕 New
SLSA Source Track
Status: New!
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TomHennen @zachariahcox