
Remove references to 'people' in Source Requirements

Open TomHennen opened this issue 8 months ago • 5 comments

Per guiding principles we want to support anonymous contributions.

Given that, language like "attribute those changes to the people that made them" seems to exceed the bounds of what we're looking for.

Consider replacing 'people' with 'actors' and conduct a review of the rest of the text to see if this sort of thing exists anywhere else.

TomHennen avatar May 19 '25 15:05 TomHennen

@TomHennen you can assign this to me, I'm happy to find/replace across the spec/site

tombedfordgit avatar May 19 '25 16:05 tombedfordgit

> @TomHennen you can assign this to me, I'm happy to find/replace across the spec/site

Done, thank you!

TomHennen avatar May 19 '25 16:05 TomHennen

These are the pages in which the terms 'people', 'person' or 'persons' are used:

  • https://slsa.dev/spec/draft/principles
  • https://slsa.dev/spec/v1.1/threats-overview
  • https://slsa.dev/spec/v1.1/use-cases
  • https://slsa.dev/spec/v1.1/principles
  • https://slsa.dev/spec/v1.1/terminology
  • https://slsa.dev/spec/v1.1/requirements
  • https://slsa.dev/spec/v1.1/verifying-systems
  • https://slsa.dev/spec/v1.1/threats
  • https://slsa.dev/spec/v1.1/provenance

I'll review them individually, as there are phrases where substituting the words with 'actor' would be unlikely to make sense.

tombedfordgit avatar Jun 02 '25 09:06 tombedfordgit

So far...

  • Raised https://github.com/slsa-framework/slsa/pull/1404 for https://slsa.dev/spec/draft/principles
  • Raised https://github.com/slsa-framework/slsa/pull/1405 for https://slsa.dev/spec/v1.1/principles

The following reference "Two-person review", which I believe is a relatively ubiquitous term. I don't think it makes sense to change this:

  • https://slsa.dev/spec/v1.1/threats-overview
  • https://slsa.dev/spec/v1.1/use-cases

I plan to complete the rest this week.

tombedfordgit avatar Jun 09 '25 16:06 tombedfordgit

Submitted additional PRs:

  • https://slsa.dev/spec/v1.1/requirements > https://github.com/slsa-framework/slsa/pull/1448
  • https://slsa.dev/spec/v1.1/threats > https://github.com/slsa-framework/slsa/pull/1449
  • https://slsa.dev/spec/v1.1/provenance > https://github.com/slsa-framework/slsa/pull/1450

The following reference "Two-person review", which, as mentioned previously, is a relatively ubiquitous term. I don't think it makes sense to update these:

  • https://slsa.dev/spec/v1.1/terminology
  • https://slsa.dev/spec/v1.1/verifying-systems

tombedfordgit avatar Jun 23 '25 20:06 tombedfordgit

This has been mitigated in the draft folder by other PRs 👍

zachariahcox avatar Sep 15 '25 16:09 zachariahcox