John Kjell

@MarkLodato's earlier comment got me thinking if this could be generalized to something like a "Hardware Attested Supply Chain Steps". That's definitely a terrible name so, please don't actually use...

@mswilson the draft document references vTPM and Confidential Virtual Machines. Often times those technologies are implemented at some level in hardware (i.e. specific instruction sets for virtualization). Are there other...

My experiences with build platforms would bias me toward `Builds isolated` at level 2 and `Provenance unforgeable` at level 3. The build platforms I have experience with, Concourse, Tekton, kpack...

Yeah, that makes sense. I think I often conflate build and control plane isolation. Then I make the leap to the idea that if builds are not isolate, the control...

In a past life, I worked on data protection. 😅 I'm interested in helping out if I can, depending on what sort of help you're looking for.

Count me in! ☺️

If we're expecting more folks to join, would it make sense to wait a bit, and survey the contributors for a time that works for the majority?

Had a chat with @anvega and it sounds like most of the lead folks are west coast US and Australia. It's awesome to have such an international crowd willing to...

I'd like to observe this assessment to help out for future one.

I have no conflicts on this review.