Marcela Melara

Hi @onew0rd ! I'm not involved directly in the Gramine project, so I can't speak for their planned features, and we don't currently have source code available. But I can...

I'm going to push back a little bit on the notion that requirements on platform operations (implemented by operators) should be merged with the Build track (implemented by developers). I...

> What is the difference between "HW-attested builds" and "HW-attested platforms"? Can you rephrase in terms of threats that are being addressed? @MarkLodato I appreciate the detailed threat model. In...

To update this thread. Given the discussions we've had with the SLSA spec community, we've landed on including HW attested build platforms as part of a higher level of the...

@mswilson I appreciate your perspective on the nuance of AWS Nitro vs an Intel SGX, for example. One of the challenges we're trying to address in this proposal is the...

Thanks for the ping on this @arewm . Yes, we haven't updated the Doc, we've been quite bogged down with prepping a talk for OSS NA '24 on this topic....

Thanks @behnazh-w and @joshuagl ! I will go take a look at the linked issue and PR. > AIUI there are multiple factors which make provenance from slsa-github-generators unforgeable, copying...

> the only influence that the caller has is the input parameters. Does that help? This does help, thanks. If the main goal of L3 (as you mention in https://github.com/slsa-framework/slsa/issues/975#issuecomment-1759816631)...

Update: We discussed the general topic of attestation media types at the [in-toto community meeting last week](https://hackmd.io/@lukpueh/ry_e70Qqw#Media-types). The decision from the in-toto side is to continue indicating the attestation type...

Following the [latest discussion](https://github.com/in-toto/attestation/issues/271#issuecomment-1675008618) on the in-toto end, it sounds like this issue needs to be re-opened for SLSA L1 use cases.