Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup our directory structure #32

Open
laurentsimon opened this issue Feb 15, 2022 · 3 comments
Open

Cleanup our directory structure #32

laurentsimon opened this issue Feb 15, 2022 · 3 comments
Assignees
@laurentsimon

Comments

@laurentsimon
Copy link
Collaborator

laurentsimon commented Feb 15, 2022
edited

Example: rename repo (use gosst's GitHub) to slsa-golang and have:

  • .github/workflow/build.yml
  • project-builder/
  • provenance-verifier/
  • provenance-generator/
@laurentsimon laurentsimon self-assigned this Feb 26, 2022
@laurentsimon
Copy link
Collaborator Author

laurentsimon commented Feb 26, 2022
edited

@asraa any further comment on this?

@laurentsimon
Copy link
Collaborator Author

Maybe the plan was to have
provenance/verifier and provenance/generator instead of provenance-verifier and provenance-generator?

I don't have a strong opinion on this. Is there one option that makes it easier for users to use the verifier? Will separation reduce the number of dependencies to update for users who use it? (I suppose not really)

@asraa
Copy link
Owner

asraa commented Feb 28, 2022

Let's move the verifier code to a separate repo that's for non-falsifiable workflow attestations

This repo would contain:
(1) the builder
(2) provenance generator
which we can combine like this:
./slsa-release build <--dry>
./slsa-releaes provenance <-digest SHA>

@asraa asraa mentioned this issue Mar 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@laurentsimon laurentsimon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asraa @laurentsimon