From b6c7401caaefc37c3bce12cd4a67d593f7ad53db Mon Sep 17 00:00:00 2001 From: arewm Date: Tue, 22 Aug 2023 09:53:04 -0400 Subject: [PATCH] reword change Signed-off-by: arewm --- docs/spec/v1.0/requirements.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/spec/v1.0/requirements.md b/docs/spec/v1.0/requirements.md index 0fc7ad07b..988850bf2 100644 --- a/docs/spec/v1.0/requirements.md +++ b/docs/spec/v1.0/requirements.md @@ -317,11 +317,12 @@ If the build platform leverages a cache for builds, it MUST guarantee the follow cache used by another build, also known as "cache poisoning". In other words, the output of the build MUST be identical whether or not the cache is used. -- If the build platform is capable of providing the provenance for an external - resource without a cache, then the provenance MUST remain unchanged if a cache - is used. In other words, the output of the provenance MUST be identical whether - or not the cache is used. Communication with the build cache MUST NOT be present - in `resolvedDependencies`. +- If the build platform is capable of providing the provenance information for + an external resource when a cache is not in use, then the provenance + information MUST remain unchanged if a cache is used. In other words, the + information in the provenance MUST be identical whether or not the cache is + used. Communication with the build cache MUST NOT be represented in + `resolvedDependencies`. There are no sub-requirements on the build itself. Build L3 is limited to ensuring that a well-intentioned build runs securely. It does not require that