feedback: version SLSA 1.0 dropping / reducing scope from 0.1 is weird

[msmeissn]

Sorry for not keeping up with the SLSA 1.0 development.

It looks weird to me that you would declare it SLSA 1.0.

• it has less requirements and reduced scope compared to 0.1
• quite some work (and big open gaps) is only planned to be filled again for the future past 1.0
• it severely devalues adoption work done by early adopters of SLSA 0.1 (like my employer SUSE)

So I would suggest not calling it SLSA 1.0.

• 1.0 would suggest completeness which is not the case. Perhaps 0.2 might fit better.
• if you want to stick with the 1.0, you could call it differently to match content, e.g. "SLSA Build 1.0"