Please review the draft for March's report
santiago at archlinux.org
Tue Apr 6 23:25:34 UTC 2021
> Where are those edits? I don't see them in reproducible-website.git or in your reply.
Oh, I just pushed, my bad (I wanted to double check it rendered properly
locally and I went down a rabbit hole of fixing my gen environment...).
Let me know if this helps...
> > I wasn't trying to be incredibly pedantic about the phrasing, but
> > rather to be upfront about sigstore not having a trust policy (yet).
> > Sigstore is actively working with communities (such as this one) to
> > better identify what policies make sense (e.g., to allow to represent
> > and enforce a build being reproducible).
> > > Given that you're involved the effort, and perhaps aware of plans to
> > > address this in the future, perhaps you could propose better text for
> > > the blog post?
> > Definitely, I should've engaged more with the early LF press-releases (I
> > try to stick to systems building, research and education). I supplied a
> > quote as a Purdue University professor, but that's as far as my
> > engagement was with the press push.
> > My earlier email is intended to help disambiguate. I agree that the
> > blogpost/announcement is quite content-free when read through with a
> > fine comb.
> By "blog post" I actually intended to refer to r-b's monthly report,
> since that one is due to be published tomorrow, but clarifying
> sigstore's docs is of course also a good thing ☺
Oh, well, yeah... :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the rb-general