Isaac Hepworth
Isaac Hepworth
Can't you just make URL linkification take precedence? Any /#hashes which aren't part of a URL get linked as hashtags, but those that are get linked as part of the...
Yeah doing a generic one of these (where you can select the app which notifies) is on my list.
This from NTIA is a good SBOM use cases reference which I've found useful: https://www.ntia.gov/files/ntia/publications/ntia_sbom_use_cases_roles_benefits-nov2019.pdf
fwiw I agree with your instincts to broaden, along the lines of 'Identities in SLSA'. I wondered if projects like Sigstore, which are even more closely identity-adjacent, might have prior...
How about the following, in a putative "identities and SLSA" section? _References to identity in the SLSA specification refer to supply chain actors—human or automated—which are authenticated and uniquely identified...
I think the statement I proposed in https://github.com/slsa-framework/slsa/issues/1133#issuecomment-2465927106 would do the job of reassuring folks about how SLSA expects/intends identity to be used. To me, the position in the language...
Happy to take a look. What's the actual question referenced by "this specific question has been posed…"?
Ack, got it. @mlieberman85 is closest to this and likely has latest on all the answers you seek. I tagged him in the doc.
@CoS-Harry does this get you what you need? FRSCA should be archived if it's not already :)
Great timing! @meder has done some early sketches of goals, scope, and shape of a possible dependency track. He'd be a great person to pull in here too.