Priya Wadhwa
Priya Wadhwa
Instead of generating a statement for all SLSA versions, could we have users specify which version they want via the config? Maybe something like ``` formats.in-toto.version = v0.2 ``` and...
SGTM! We can support latest and maybe the 1-2 most recent versions as well, and just document that policy somewhere. If we introduce a new `formats.in-toto.version` field then it can...
> If we introduce the new `formats.in-toto.version` field, is it just an auxiliary field for the existing `artifacts.taskrun.format` field? Yes! > - If `formats.in-toto.version` is empty or `intoto-v1`, we only...
/remove-lifecycle stale
Thank you @chuangw6 for looking into it! @savitaashture hopefully tonight's build passes now that the fix is about to be merged 🤞🏽
> Since the signature is in the [DSSE format](https://github.com/secure-systems-lab/dsse/blob/master/protocol.md), you need to be using the signature annotation, not the payload annotation. Good point, thanks @rgreinho ! I was able to...
/remove-lifecycle rotten