Edits Part 01 - About SLSA and new combined Terminology #1533
Conversation
✅ Deploy Preview for slsa ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
| --- | ||
| title: About SLSA | ||
| description: With supply chain attacks on the rise, a shared vocabulary and universal framework are needed to provide incremental guidance to harden supply chains for more secure software production. This page introduces the main concepts behind SLSA and explains how it can help anyone involved in producing, consuming, or providing infrastructure for software. | ||
| title: About SLSA |
There was a problem hiding this comment.
nit: I don't think we want these extra spaces at the end of these lines?
There was a problem hiding this comment.
Markdown doesn't care but some of the other tools might care. I don't know.
There was a problem hiding this comment.
I just ran the linter on these files, and this space is indeed not a problem. But we did get several other linter errors we may want to resolve once all edits are done.
…g conceptual material from Terminology.
Co-authored-by: Tom Hennen <TomHennen@users.noreply.github.com> Signed-off-by: Seth McEvoy <mcevoy.building7@gmail.com>
Co-authored-by: Tom Hennen <TomHennen@users.noreply.github.com> Signed-off-by: Seth McEvoy <mcevoy.building7@gmail.com>
marcelamelara
left a comment
marcelamelara
left a comment
There was a problem hiding this comment.
Thanks @mcevoy-building7 ! I've left several comments in the About doc and will send reviews for the other files soon.
| public, disruptive, and costly in today's environment when exploited. These attacks have also shown that there are inherent risks not just in code itself, but at | ||
| multiple points in the complex process of getting that code into software | ||
| systems—that is, in the **software supply chain**. Since these attacks are on | ||
| systems; that is, into the *software supply chain*. Since these attacks are on |
There was a problem hiding this comment.
The "into" here, I think, changes the meaning of this sentence. What this sentence was trying to convey is that the "the complex process of getting that code..." is the software supply chain. Maybe the misleading part is actually "getting that code into software systems" because it's an uncommon description of what happens in the software supply chain.
I wonder if a simplification like this could work here: "multiple points in the the complex process of creating and distributing that code as software; that is, the software supply chain"
| analysis and review performed on the source code still applies to | ||
| the binary consumed after the build and distribution process is complete. |
There was a problem hiding this comment.
Not entirely sure where, but I feel like there's a comma missing somewhere here.
|
These files will be split into new pull requests. Sorry! |
3 participants
Part 1 of SLSA edits from Seth McEvoy.
Branch: front-matter
Files:
about.md - About SLSA -standard edits: smooth and clarify technical complexity.
slsa-terms.md - SLSA Terminology - combined single terminology gathered and alphabetized from all tracks.
Ignore other files in this branch for now.
Please review but do not merge. We need to create a workflow for editing feedback.
Thanks!