editorial: Clarify that SLSA does not address all represented threats

This addresses issue #1004.

Signed-off-by: Arnaud J Le Hors <[email protected]>

docs/spec/v1.0/threats-overview.md

@@ -1,19 +1,20 @@
 ---
 title: Supply chain threats
-description: Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive, and costly in today's environment. This page is an introduction to possible attacks throughout the supply chain and how SLSA can help.
+description: Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive, and costly in today's environment. This page is an introduction to possible attacks throughout the supply chain and how SLSA could help.
 ---
 
 Attacks can occur at every link in a typical software supply chain, and these
 kinds of attacks are increasingly public, disruptive, and costly in today's
 environment.
 
 This page is an introduction to possible attacks throughout the supply chain and how
-SLSA can help. For a more technical discussion, see [Threats & mitigations](threats.md).
+SLSA could help. For a more technical discussion, see [Threats & mitigations](threats.md).
 
 ## Summary
 
 ![Supply Chain Threats](images/supply-chain-threats.svg)
 
+**Note that SLSA does not address all of the threats presented here.** See [Threats & mitigations](threats.md) for what is currently addressed.
 See [Terminology](terminology.md) for an explanation of the supply chain
 model.
 
@@ -24,7 +25,7 @@ integrity into source integrity vs build integrity.
 
 **Source integrity:** Ensure that all changes to the source code reflect the
 intent of the software producer. Intent of an organization is difficult to
-define, so SLSA approximates this as approval from two authorized
+define, so SLSA is expected to approximate this as approval from two authorized
 representatives.
 
 **Build integrity:** Ensure that the package is built from the correct,
@@ -46,7 +47,7 @@ Many recent high-profile attacks were consequences of supply chain integrity vul
 <th>
 <th>Integrity threat
 <th>Known example
-<th>How SLSA can help
+<th>How SLSA could help
 <tbody>
 <tr>
 <td>A
@@ -96,7 +97,7 @@ Many recent high-profile attacks were consequences of supply chain integrity vul
 <th>
 <th>Availability threat
 <th>Known example
-<th>How SLSA can help
+<th>How SLSA could help
 <tbody>
 <tr>
 <td>D

docs/spec/v1.0/threats.md

@@ -5,7 +5,7 @@ description: A comprehensive technical analysis of supply chain threats and thei
 
 What follows is a comprehensive technical analysis of supply chain threats and
 their corresponding mitigations in SLSA. For an introduction to the
-supply chain threats that SLSA protects against, see [Supply chain threats].
+supply chain threats that SLSA is aiming to protect against, see [Supply chain threats].
 
 The examples on this page are meant to:
 

docs/spec/v1.1/threats-overview.md

@@ -1,19 +1,20 @@
 ---
 title: Supply chain threats
-description: Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive, and costly in today's environment. This page is an introduction to possible attacks throughout the supply chain and how SLSA can help.
+description: Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive, and costly in today's environment. This page is an introduction to possible attacks throughout the supply chain and how SLSA could help.
 ---
 
 Attacks can occur at every link in a typical software supply chain, and these
 kinds of attacks are increasingly public, disruptive, and costly in today's
 environment.
 
 This page is an introduction to possible attacks throughout the supply chain and how
-SLSA can help. For a more technical discussion, see [Threats & mitigations](threats.md).
+SLSA could help. For a more technical discussion, see [Threats & mitigations](threats.md).
 
 ## Summary
 
 ![Supply Chain Threats](images/supply-chain-threats.svg)
 
+**Note that SLSA does not address all of the threats presented here.** See [Threats & mitigations](threats.md) for what is currently addressed.
 See [Terminology](terminology.md) for an explanation of the supply chain
 model.
 
@@ -24,7 +25,7 @@ integrity into source integrity vs build integrity.
 
 **Source integrity:** Ensure that all changes to the source code reflect the
 intent of the software producer. Intent of an organization is difficult to
-define, so SLSA approximates this as approval from two authorized
+define, so SLSA is expected to approximate this as approval from two authorized
 representatives.
 
 **Build integrity:** Ensure that the package is built from the correct,
@@ -46,7 +47,7 @@ Many recent high-profile attacks were consequences of supply chain integrity vul
 <th>
 <th>Integrity threat
 <th>Known example
-<th>How SLSA can help
+<th>How SLSA could help
 <tbody>
 <tr>
 <td>A
@@ -96,7 +97,7 @@ Many recent high-profile attacks were consequences of supply chain integrity vul
 <th>
 <th>Availability threat
 <th>Known example
-<th>How SLSA can help
+<th>How SLSA could help
 <tbody>
 <tr>
 <td>D

docs/spec/v1.1/threats.md

@@ -5,7 +5,7 @@ description: A comprehensive technical analysis of supply chain threats and thei
 
 What follows is a comprehensive technical analysis of supply chain threats and
 their corresponding mitigations in SLSA. For an introduction to the
-supply chain threats that SLSA protects against, see [Supply chain threats].
+supply chain threats that SLSA is aiming to protect against, see [Supply chain threats].
 
 The examples on this page are meant to: