HACDOCS-941-glossary #51
🚀 Preview is available at
@arewm I didn't find any instances of Devfile. I deleted the one mention of GitOps. And I deleted all references to environments, except for one mention of production environment under managed workspace, because I thought that might still be valid. Please take a look at that definition and let me know if I should delete that. And of course I'm happy to make any other changes you'd like to see.
I'm good with the updates I asked for
A collection of TaskRuns that are arranged in a specific order of execution. | ||
|
||
**provenance** + | ||
{ProductName} produces SLSA provenance, which consists of the attestation for an artifact, and a signature for that attestation. Attestation lists the steps that {ProductName} took to create a given artifact. The signature enables you to verify that no one tampered with that attestation. |
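Review bot: The second and third sentences of the provenance definition use "attestation" for the thing that lists the build steps, while the first sentence names the whole as "SLSA provenance", so a reader cannot tell which term refers to the list of steps. Suggest using one term consistently for the signed statement (and adding the missing article in "Attestation lists the steps"), and saying what the signature is verified against, since "no one tampered with that attestation" only holds once the signature has actually been checked.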
The provenance lists the steps
Isn't attestation the specific component of provenance that lists the steps? That's how we defined it here.
Or would you like me to change this to say:
"Konflux produces SLSA provenance, which includes a list of steps that Konflux took to build a given artifact, and a signature to verify that the provenance comes from Konflux."
An attestation is generically a claim being made about a subject (i.e. the container that is produced). The SLSA provenance is a type of attestation but there are many different types of attestations ... some that have been defined by the community, but others can certainly exist even without being vetted by the in-toto maintainers.
If we are talking about the build steps, that is the provenance attestation .. both here and in https://konflux-ci.dev/docs/#slsa-provenance. I didn't catch that issue in the overview previously.
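The distinction made in the comment above (an attestation is a claim about a subject, and SLSA provenance is one type of attestation), as an added example that is not part of the original thread or of the project's code. The envelope contents, image name, digest and the `buildConfig.tasks` layout are constructed sample values and assumptions; signature verification is deliberately out of scope here and must happen before the payload is trusted.

```python
import base64
import json

SLSA_PREFIX = "https://slsa.dev/provenance/"
SAMPLE_DIGEST = "ab" * 32  # constructed sha256 value

def make_envelope(predicate_type, predicate):
    """Build a constructed DSSE envelope wrapping an in-toto Statement."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "subject": [{"name": "registry.example.invalid/app",
                     "digest": {"sha256": SAMPLE_DIGEST}}],
        "predicateType": predicate_type,
        "predicate": predicate,
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": "application/vnd.in-toto+json", "payload": payload,
            "signatures": [{"keyid": "constructed-key", "sig": "Y29uc3RydWN0ZWQ="}]}

# Constructed samples: one provenance attestation, one attestation of another type.
PROVENANCE = make_envelope(
    SLSA_PREFIX + "v0.2",
    {"builder": {"id": "https://builder.example.invalid"},
     "buildConfig": {"tasks": [{"name": "clone"}, {"name": "build"}]}})
OTHER = make_envelope("https://example.invalid/test-result/v1", {"passed": True})

def describe(envelope, image_digest):
    """Say what kind of claim the attestation makes about image_digest."""
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError("not an in-toto attestation")
    stmt = json.loads(base64.b64decode(envelope["payload"]))
    # The claim applies only to the artifacts listed under `subject`.
    digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if image_digest not in digests:
        raise ValueError("attestation is about a different artifact")
    ptype = stmt["predicateType"]
    result = {"kind": "other", "predicate_type": ptype, "steps": []}
    if ptype.startswith(SLSA_PREFIX):
        # Only the provenance predicate carries the build steps.
        result["kind"] = "slsa-provenance"
        tasks = stmt["predicate"].get("buildConfig", {}).get("tasks", [])
        result["steps"] = [t["name"] for t in tasks]
    return result

if __name__ == "__main__":
    print(describe(PROVENANCE, SAMPLE_DIGEST))
    print(describe(OTHER, SAMPLE_DIGEST))
```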
Ok, I updated this def and the SLSA overview doc accordingly.
Capitalizing "Enterprise Contract" per this issue: https://issues.redhat.com/secure/RapidBoard.jspa?rapidView=18221&projectKey=RHTAPBUGS&view=detail&selectedIssue=HACDOCS-357#