Jan Zerebecki
That wouldn't protect the history (leading to no rollback protection), nor the meta data in submit requests (the submit target, who accepted it, etc). But what would make it unusable...
There is git support being worked on that will solve this completely. https://build.opensuse.org/project/show/devel:ALP currently uses a git repo for the project and git submodules for each package. What is...
Signed changes is only a small part of higher level requirements for end to end supply chain integrity, which are: * every commit in package and code stream repositories (aka...
OBS publishes the build environment of every build in the _buildenv file. So, what do you mean?
If everything is reproducible you only need the source which is already available in the OBS history and could reproduce the artifacts. But it is useful to have an artefact...
Example for a provenance file: https://sources.suse.com/_slsa/SUSE:SLE-15-SP4:Update/standard/x86_64/5a/5a9e94b5dd6396e0b2f60e808bf06c220137e19943adf13c7ccd1d35645ab2c9.prov
This seems to have been implemented according to https://openbuildservice.org/2022/05/18/relationship-notifications/
I'm not sure if it is this bug, but I don't get notification emails for reviews needed from groups I'm in. I only noticed this in IBS, but I don't...
Ok this was not the bug. I still do not receive those notifications.
To make this easier to find: This is an alternative to push notifications.