Please review the draft for March's report
Santiago Torres-Arias
santiago at archlinux.org
Tue Apr 6 23:25:34 UTC 2021
> Thanks!
>
> Where are those edits? I don't see them in reproducible-website.git or in your reply.
Oh, I just pushed, my bad (I wanted to double check it rendered properly
locally and I went down a rabbit hole of fixing my gen environment...).
Let me know if this helps...
>
> > I wasn't trying to be incredibly pedantic about the phrasing, but
> > rather to be upfront about sigstore not having a trust policy (yet).
> > Sigstore is actively working with communities (such as this one) to
> > better identify what policies make sense (e.g., to allow to represent
> > and enforce a build being reproducible).
> >
> > > Given that you're involved the effort, and perhaps aware of plans to
> > > address this in the future, perhaps you could propose better text for
> > > the blog post?
> >
> > Definitely, I should've engaged more with the early LF press-releases (I
> > try to stick to systems building, research and education). I supplied a
> > quote as a Purdue University professor, but that's as far as my
> > engagement was with the press push.
> >
> > My earlier email is intended to help disambiguate. I agree that the
> > blogpost/announcement is quite content-free when read through with a
> > fine comb.
>
> By "blog post" I actually intended to refer to r-b's monthly report,
> since that one is due to be published tomorrow, but clarifying
> sigstore's docs is of course also a good thing ☺
Oh, well, yeah... :)
Cheers!
-Santiago
>
> Cheers,
>
> Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210406/67505a32/attachment.sig>
More information about the rb-general
mailing list