You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Maybe the plan was to have provenance/verifier and provenance/generator instead of provenance-verifier and provenance-generator?
I don't have a strong opinion on this. Is there one option that makes it easier for users to use the verifier? Will separation reduce the number of dependencies to update for users who use it? (I suppose not really)
Let's move the verifier code to a separate repo that's for non-falsifiable workflow attestations
This repo would contain:
(1) the builder
(2) provenance generator
which we can combine like this:
./slsa-release build <--dry>
./slsa-releaes provenance <-digest SHA>
Example: rename repo (use gosst's GitHub) to
slsa-golang
and have:The text was updated successfully, but these errors were encountered: