You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently talk about 'VCS' and 'SCP' but don't have a term to talk about the system as a whole.
Defining such a term would make some things easier when we don't have a strong opinion about which specific component of the system fulfills a given role as long as it is filled somewhere.
Let's define the term and then update the source track to use it where appropriate.
The text was updated successfully, but these errors were encountered:
Thanks for the updates! My main high-level suggestion is that the source track ought to make the roles and requirements of the VCS vs. SCP vs. producer clearer. In the Build track, the distinction between what the hosted build platform vs the producer is responsible for is called out. In the current source track spec, I feel like there are a lot of assumptions/expectations about the SCP, the producer and the VCS that we aren't including right now. So it might be helpful to draw a clearer separation between who is responsible for achieving which requirements.
A party that evaluates evidence and issues attestations (summary or provenance) about source revisions.
Source Control System (SCS)
A combination of a VCS, SCP, and Source Attestation Issuers that are trusted to manage the source for a Repository by the Organization which controls it. A SCS is the entity responsible for meeting the SLSA requirements through how it assembles and configures the VCS, SCP, and Source Attestation Issuers.
We currently talk about 'VCS' and 'SCP' but don't have a term to talk about the system as a whole.
Defining such a term would make some things easier when we don't have a strong opinion about which specific component of the system fulfills a given role as long as it is filled somewhere.
Let's define the term and then update the source track to use it where appropriate.
The text was updated successfully, but these errors were encountered: