From what I've understood, SLSA defines the requirements to meet "what" and not the "how".I've been using Gitlab to generate provenance for artifacts but what's the recommended way sign & allow users to verify and perform attestation?
--
You received this message because you are subscribed to the Google Groups "slsa-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to slsa-discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/d90e4d19-36de-4599-83d3-22ae6b7b2579n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CA%2B4JDKFg%3D1xLXJPAptJEhjC14bhr76WGecjiLQtk0bs1_szOHA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAHiK-Uziuqt4S73HUYgrsfMYZW7MDrVGb2ivZJF3CyEZSA7x8Q%40mail.gmail.com.