From e8eb78a9874ee0f604f431c4233b9c7352d0d23a Mon Sep 17 00:00:00 2001
From: Tom Hennen
Date: Sun, 5 May 2024 14:46:54 +0000
Subject: [PATCH] Add CHANGELOG and remove version from individual files.

Signed-off-by: Tom Hennen
---
 spec/v1/CHANGELOG.md | 11 +++++++++++
 spec/v1/README.md | 2 +-
 spec/v1/bundle.md | 2 --
 spec/v1/digest_set.md | 13 -------------
 spec/v1/predicate.md | 2 --
 spec/v1/resource_descriptor.md | 2 --
 spec/v1/statement.md | 12 ------------
 7 files changed, 12 insertions(+), 32 deletions(-)
 create mode 100644 spec/v1/CHANGELOG.md

diff --git a/spec/v1/CHANGELOG.md b/spec/v1/CHANGELOG.md
new file mode 100644
index 00000000..93216fa5
--- /dev/null
+++ b/spec/v1/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+
+## v1.1
+
+* Clarified that subjects are assumed to be immuatble and that it is
+acceptable to use a non-cryptographic digest (though cryptographic
+digests are still preferred).
+
+## v1
+
+Initial release.
diff --git a/spec/v1/README.md b/spec/v1/README.md
index 48dae99a..522a8b58 100644
--- a/spec/v1/README.md
+++ b/spec/v1/README.md
@@ -1,6 +1,6 @@
 # Specification for in-toto attestation layers
-Version: v1.0
+Version: v1.1
 Index:
diff --git a/spec/v1/bundle.md b/spec/v1/bundle.md
index c7dee9d7..6d9a168f 100644
--- a/spec/v1/bundle.md
+++ b/spec/v1/bundle.md
@@ -1,7 +1,5 @@
 # Bundle layer specification
-Version: v1.0
-
 An attestation Bundle is a collection of multiple attestations in a single file. This allows attestations from multiple different points in the software supply chain (e.g. Provenance, Code Review, Test Result, vuln scan, ...) to
diff --git a/spec/v1/digest_set.md b/spec/v1/digest_set.md
index d1b50f54..8cd19220 100644
--- a/spec/v1/digest_set.md
+++ b/spec/v1/digest_set.md
@@ -1,7 +1,5 @@
 # DigestSet field type specification
-Version: v1.1
-
 Set of one or more cryptographic digests, or other immutable references, for a single software artifact or metadata object.
@@ -188,17 +186,6 @@ flexibility for the user's various use cases.
 - `{"sha256": "abcd"}` does not match `{"sha256": "fedb", "sha512": "abcd"}`
 - `{"somecoolhash": "abcd"}` uses a non-predefined algorithm
-## Change History
-
-### v1.1
-
-Clarified that it is acceptable to use a non-cryptographic digest (though
-cryptographic digests are still preferred).
-
-### v1.0
-
-Initial
-
 ---
diff --git a/spec/v1/predicate.md b/spec/v1/predicate.md
index f9cc4a1d..e2fd7dc4 100644
--- a/spec/v1/predicate.md
+++ b/spec/v1/predicate.md
@@ -1,7 +1,5 @@
 # Predicate layer specification
-Version: v1.0
-
 The Predicate is the innermost layer of the attestation, containing arbitrary metadata about the [Statement]'s `subject`.
diff --git a/spec/v1/resource_descriptor.md b/spec/v1/resource_descriptor.md
index 5285a29d..3d87e11b 100644
--- a/spec/v1/resource_descriptor.md
+++ b/spec/v1/resource_descriptor.md
@@ -1,7 +1,5 @@
 # ResourceDescriptor field type specification
-Version: v1.0
-
 A size-efficient description of any software artifact or resource (mutable or immutable).
diff --git a/spec/v1/statement.md b/spec/v1/statement.md
index 51bf1cf8..630f773c 100644
--- a/spec/v1/statement.md
+++ b/spec/v1/statement.md
@@ -1,7 +1,5 @@
 # Statement layer specification
-Version: v1.1
-
 The Statement is the middle layer of the attestation, binding it to a particular subject and unambiguously identifying the types of the [Predicate].
@@ -67,16 +65,6 @@ Additional [parsing rules] apply.
 > set-but-empty. MAY be omitted if `predicateType` fully describes the
 > predicate.
-## Change History
-
-### v1.1
-
-Clarified that subjects are assumed to be immutable.
-
-### v1.0
-
-Initial
-
 [ResourceDescriptor]: resource_descriptor.md
 [JSON]: https://www.json.org/json-en.html
 [Predicate]: predicate.md