> Thanks! > > Where are those edits? I don't see them in reproducible-website.git or in > your reply.
Oh, I just pushed, my bad (I wanted to double check it rendered properly locally and I went down a rabbit hole of fixing my gen environment...). Let me know if this helps... > > > I wasn't trying to be incredibly pedantic about the phrasing, but > > rather to be upfront about sigstore not having a trust policy (yet). > > Sigstore is actively working with communities (such as this one) to > > better identify what policies make sense (e.g., to allow to represent > > and enforce a build being reproducible). > > > > > Given that you're involved the effort, and perhaps aware of plans to > > > address this in the future, perhaps you could propose better text for > > > the blog post? > > > > Definitely, I should've engaged more with the early LF press-releases (I > > try to stick to systems building, research and education). I supplied a > > quote as a Purdue University professor, but that's as far as my > > engagement was with the press push. > > > > My earlier email is intended to help disambiguate. I agree that the > > blogpost/announcement is quite content-free when read through with a > > fine comb. > > By "blog post" I actually intended to refer to r-b's monthly report, > since that one is due to be published tomorrow, but clarifying > sigstore's docs is of course also a good thing ☺ Oh, well, yeah... :) Cheers! -Santiago > > Cheers, > > Daniel
signature.asc
Description: PGP signature