-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Workstream: Release SLSA v1.1 #900
Comments
I think we should aim to have a patch release soon. We could include:
What other changes should we consider? |
If VSA is part of this release, it would be useful to resolve other VSA issues - at least those we consider blocking and / or a that resolving them may be backward-incompatible |
Created the v1.1 directory in #942 |
Do you have any particular issues in mind? I took a look at the issues backlog and identified the following VSA related items: |
Joshua, could you add those issues to the top post? I just created a template there. If you use that format, GitHub links them bi-directionally, which is nice. |
Good tip. Done, thanks. |
I'm curious about how we're feeling about this issue's representation of what's in scope for SLSA 1.1. The issue suggests they'll just be small clarifications but then we're also working on the source track, a new build level etc... Is there anything else we're trying to get in to a 1.1 release? |
Good question, I asked something similar when reviewing the first draft of the Source track. I'd missed a discussion on this very topic in a working meeting which Arnaud summarised:
We could try and get a release (1.1?) out sooner while we continue to work on the source track and new build level. Would that be useful? Are there things that SLSA adopters are seeking clarity on which would benefit from a "minor" release? |
I think I'm mostly trying to understand what's left to do for 1.1 and how badly things get left behind that don't make it to 1.1. E.g. I think it's unlikely the 'dependency track' would be complete for 1.1. So what would the path forward be? |
This PR proposes to change the status of v1.1 to Candidate Release in preparation for final publication. I ought to point out that there is a bunch of VSA related issues that had been targeted for this release and that have not been addressed. See Issue #900. However, until someone works on any of these issues there is no hope of making progress and waiting for these to close will delay getting 1.1 out indefinitely. Although not ideal I therefore propose to defer these and publish what we have. Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
This PR proposes to change the status of v1.1 to Candidate Release in preparation for final publication. I ought to point out that there is a bunch of VSA related issues that had been targeted for this release and that have not been addressed. See Issue slsa-framework#900. However, until someone works on any of these issues there is no hope of making progress and waiting for these to close will delay getting 1.1 out indefinitely. Although not ideal I therefore propose to defer these and publish what we have. Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
This is a tracking issue for releasing v1.1. The primary goal of v1.1 is to release small updates to v1.0 to address issues that are too significant for an in-place update to v1.0 yet we don't want to block until the next significant release.
Workstream shepherd: Joshua Lock (@joshuagl)
Sub-issues:
annotations
#875verifiedLevels
in VSA v1 #968The text was updated successfully, but these errors were encountered: