Andrew McNamara

Identity discussions have come up a couple times in SLSA. I feel like it would likely be beneficial to address it broadly, but I feel like that will sidetrack the...

NIST's definition of non-repudiation often references an identity as associated with a private key: https://csrc.nist.gov/glossary/term/non_repudiation > I don't think we're looking for anything that doesn't allow code authors to repudiate...

I think that this feature should be slightly modified. It is valid to have nested image indexes. Therefore, I think that Chains should support signing/attesting all nested Image Manifests _and_...