Commit 7a24c5d

Change summary from guide to plan, include other projects

As suggested in the discussion, the language in the KEP has been modified to reflect a plan rather than a guide. It also states that SIG Release will recommend SLSA to other projects and share practices and tools.

Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
1 parent 18bf8e2 commit 7a24c5d

1 file changed

+8
-5
lines changed
  • keps/sig-release/3027-slsa-compliance

keps/sig-release/3027-slsa-compliance/README.md

Lines changed: 8 additions & 5 deletions
@@ -147,8 +147,8 @@ Items marked with (R) are required *prior to targeting to a milestone / release*
147147
This document proposes a plan to harden the Kubernetes releases by
148148
making the necessary adjustments to comply with the SLSA Framework.
149149
[SLSA (Supply-chain Levels for Software Artifacts)](https://slsa.dev/)
150-
is a framework to harden software supply currently being defined by the
151-
[OpenSSF](https://openssf.org/)'s
150+
is a framework to harden software supply chains, currently in actove
151+
development defined by the [OpenSSF](https://openssf.org/)'s
152152
[Supply Chain Integrity WG](https://github.com/ossf/wg-supply-chain-integrity).
153153

154154
The framework provides requirements and recommendations to software
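
Review bot: Added line 150 has a typo, "actove" should be "active", and the sentence across added lines 150-151 now reads "currently in actove development defined by the [OpenSSF]...", which stacks two participles and is hard to parse. Suggest something like "is a framework to harden software supply chains, currently in active development by the OpenSSF's Supply Chain Integrity WG", so the reader can tell at a glance who maintains the framework the release process is being measured against.
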
@@ -160,9 +160,12 @@ The main goal of this enhancement is to provide downstream consumers of our
160160
artifacts the highest assurance about the integrity of each Kubernetes release.
161161

162162
SLSA defines several levels of hardening, each touching more aspects of the
163-
release process that go beyond its technical implementation. This document is
164-
meant to serve as a guide to reach the highest possible levels after
165-
consensus has been reached about their viability.
163+
release process that go beyond its technical implementation. This KEP proposes
164+
to use SLSA as a standard framework for hardening the Kubernetes release
165+
software supply chain. SIG Release will also recommend SLSA as a hardening
166+
framework to other projects under the Kubernetes organization, all new practices
167+
and tools derived from the effort in this KEP will be available for the
168+
benefit of those who choose to adopt it.
166169

167170
<!--
168171
This section is incredibly important for producing high-quality, user-focused
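
Review bot: The replacement text on added lines 163-168 drops the only statement of which SLSA levels are targeted. The removed lines said the document was meant to "reach the highest possible levels after consensus has been reached about their viability", while the new paragraph still opens with "SLSA defines several levels of hardening" and then never says which level the release process aims for or how that is decided. Consider keeping one sentence on the target level and the consensus condition, since downstream consumers reading the summary will want to know what assurance to expect. Separately, added lines 166-167 join two independent clauses with a comma ("...under the Kubernetes organization, all new practices and tools..."); split it into two sentences, and make the antecedent of "it" in "those who choose to adopt it" explicit (SLSA).
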
