-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define 'source control system' in source track #1128
Comments
Let's also incorporate @marcelamelara's feedback from #1094 (review)
|
Proposal (which we can iterate on): Source Attestation IssuerA party that evaluates evidence and issues attestations (summary or provenance) about source revisions. Source Control System (SCS)A combination of a VCS, SCP, and Source Attestation Issuers that are trusted to manage the source for a Repository by the Organization which controls it. A SCS is the entity responsible for meeting the SLSA requirements through how it assembles and configures the VCS, SCP, and Source Attestation Issuers. |
We currently talk about 'VCS' and 'SCP' but don't have a term to talk about the system as a whole.
Defining such a term would make some things easier when we don't have a strong opinion about which specific component of the system fulfills a given role as long as it is filled somewhere.
Let's define the term and then update the source track to use it where appropriate.
The text was updated successfully, but these errors were encountered: