Please review the draft for March's report

Santiago Torres-Arias santiago at archlinux.org
Tue Apr 6 23:25:34 UTC 2021


> Thanks!
> 
> Where are those edits?  I don't see them in reproducible-website.git or in your reply.

Oh, I just pushed, my bad (I wanted to double check it rendered properly
locally and I went down a rabbit hole of fixing my gen environment...).
Let me know if this helps...
> 
> > I wasn't trying to be incredibly pedantic about the phrasing, but
> > rather to be upfront about sigstore not having a trust policy (yet).
> > Sigstore is actively working with communities (such as this one) to
> > better identify what policies make sense (e.g., to allow to represent
> > and enforce a build being reproducible).
> > 
> > > Given that you're involved the effort, and perhaps aware of plans to
> > > address this in the future, perhaps you could propose better text for
> > > the blog post?
> > 
> > Definitely, I should've engaged more with the early LF press-releases (I
> > try to stick to systems building, research and education). I supplied a
> > quote as a Purdue University professor, but that's as far as my
> > engagement was with the press push.
> > 
> > My earlier email is intended to help disambiguate. I agree that the
> > blogpost/announcement is quite content-free when read through with a
> > fine comb.
> 
> By "blog post" I actually intended to refer to r-b's monthly report,
> since that one is due to be published tomorrow, but clarifying
> sigstore's docs is of course also a good thing ☺

Oh, well, yeah... :)

Cheers!
-Santiago
> 
> Cheers,
> 
> Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210406/67505a32/attachment.sig>


More information about the rb-general mailing list