KEP-3027: SLSA Level 3 Compliance in the Kubernetes Release Process #3051
Conversation
puerco
commented
Nov 18, 2021
- One-line PR description: Initial Draft
- Issue link: SLSA Level 3 Compliance in the Kubernetes Release Process #3027
- Other comments:
First draft of KEP-3027, proposing an enhancement to make the Kubernetes release process SLSA compliant. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Rework the motivations of the KEP to remark on the parallels with our roadmap and vision as suggested by Sascha Grunert. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
The KEP text now describes in a broad sense the required work to reach each of the SLSA levels. No attempt is made to make comprehensive descriptions, just to provide a rough guide to what we need to work to achieve each level. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Since the first draft, The Digital Identity Attestation and Developer Identity WG was renamed to Supply Chain Integrity WG. This commit corrects the name. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
/hold for discussion
Great work! I left some review nits.
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
As suggested in the discussion, the language in the KEP has been modified to reflect a plan rather than a guide. It also states that SIG Release will recommend SLSA to other projects and share practices and tools. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
@puerco -- ^^
Co-authored-by: Jason Tarasovic <JTarasovic@users.noreply.github.com>
As suggested by tpepper, the KEP is now scoped to SLSA level 3. Level 4 is mentioned as not implementable. Also, the dual graduation criteria have been removed in favor of a push towards the more realistic SLSA 3 goal. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Great work here, @puerco!
/lgtm
/approve
Hold to be removed at EOD.
participating-sigs:
  - sig-release
  - sig-security
Suggested change:
participating-sigs:
  - sig-release
  - sig-security
participating-sigs:
  - sig-security
[APPROVALNOTIFIER] This PR is APPROVED. This pull request has been approved by: justaugustus, puerco. The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/hold cancel
late /lgtm