Update README and documentation #47
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mihaimaruseac
requested review from
smeiklej,
haydentherapper and
laurentsimon
bobcallaway
reviewed
Oct 24, 2023
smeiklej
reviewed
Oct 25, 2023
|
This is now ready to review, though it depends on the decision we're taking in #46 as this impacts provenance for the TF models which are a folder instead of a single file. |
olivekl
reviewed
Oct 25, 2023
laurentsimon
approved these changes
Oct 25, 2023
| @@ -1,69 +1,106 @@ | |||
| # Model Signing | |||
|
|
|||
| This project demonstrates how to protect the integrity of a model by signing it with [Sigstore](https://www.sigstore.dev/). | |||
| This project demonstrates how to protect the integrity of a model by signing it | |||
There was a problem hiding this comment.
the Sigstore diagram image is slightly big
There was a problem hiding this comment.
(I think @haydentherapper already fixed this)
| developed for traditional software to protect against tampering with builds, | ||
| such as in the [Solarwinds attack][solarwinds], and this project is a proof of | ||
| concept that the _same supply chain protections can be applied to ML_. | ||
|
|
There was a problem hiding this comment.
I think we should add one line about that the verification of provenance gives you. You're guaranteed the training was done in the repo at a particular commit sha / tag. We might cross-link to to blog post as well
You can use --print-provenance option to see the output of provenance if needed. I'd simply link to https://github.com/slsa-framework/slsa-verifier#artifacts for further information.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com> Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is still WIP for now. Will continue to update tomorrow
CC @olivekl