Add rpms and debs to provenance attestation and SBOM

Open puerco opened this issue 2 years ago • 10 comments

What would you like to be added:

We are now building the RPMs and debs as part of the release process. We should be recording these files in the provenance attestation on staging and accounting for them on the final SBOM after they're signed. We should also try to create an attestation of the OBS build if possible and record the packages there too.

Why is this needed:

Currently we don't have a record of these files in our build metadata.

puerco avatar May 18 '23 05:05 puerco

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jan 20 '24 18:01 k8s-triage-robot

/remove-lifecycle stale

xmudrii avatar Jan 22 '24 10:01 xmudrii

/lifecycle stale

k8s-triage-robot avatar Apr 21 '24 11:04 k8s-triage-robot

/remove-lifecycle stale

xmudrii avatar Apr 22 '24 09:04 xmudrii

/lifecycle stale

k8s-triage-robot avatar Jul 21 '24 10:07 k8s-triage-robot

/remove-lifecycle stale

xmudrii avatar Jul 22 '24 16:07 xmudrii