Workstream: Build Platform Operations Track #985
Labels
workstream
Major effort comprising multiple sub-issues
Comments
MarkLodato
changed the title
This was referenced Oct 11, 2023
marcelamelara
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a tracking issue for creating a Build Platform Operations track. The main idea is to cover the trust in the build platform itself. Whereas the Build track covers the application-level behavior of the build platform, this covers the generic operation (not really specific to build).
Project shepherd: UNASSIGNED (no active development currently)
Related: We might want to merge with #975 (hardware attested builds) and/or #977 (Build L4, discussing reproducible builds) as discussed in #975 (comment).
Sub-issues:
/cc @mattfarina
See also: #802
v0.1 had a brief mention of this concept, but it was never fleshed out and was ultimately deferred in v1.0. This seems like an important concept but we're currently unclear how to fit it into SLSA. Should it be a separate track? Should it be folded into the existing track? Should it not be a track at all but instead be some sort of guidance? This all needs to be fleshed out.
Also, is this really specific to Builds, or should this just be "Platform Operations" that are common to any trusted system of the supply chain?
The text was updated successfully, but these errors were encountered: