Meder Kydyraliev
Meder Kydyraliev
ping? re escaping < only, what's the idea behind that? why not escape both < and >?
seem like an over optimization to me, after all this is 2012 :)
is anyone working on this? or are you expecting a pull request?
Hi everyone, I'd like to start drawing some boundaries around what the Dependencies Track will cover: 1. Objective here would be to enable fundamental capabilities that lead to and enable...
@mlieberman85 @camaleon2016, thanks, let's keep that in mind while discussing the implementation. As the starting point I'm sharing the draft Google Doc where we can have a more concrete and...
Thanks, @marcelamelara. One question I had was whether each scorecard check should have its own predicate type to enable composability where different tools can generate the same type of attestations...
Thanks, would love to collaborate. Dependency track issue is here: https://github.com/slsa-framework/slsa/issues/961 You can see the first draft there, which will be reworked based on feedback.
@tombedfordgit I should have something to share next week.
@tombedfordgit Here's a list of principles (also as [Google Doc version for comments/discussion](https://docs.google.com/document/d/1OdrDaZWlRvIqZFWOU_zXHKd8xGn3FgcpQ8Fj6ZxZ_rQ/edit?usp=sharing)): 1. Conceptual integrity and compatibility with the other two tracks: build and source. 2. As with other...