Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revisit 'reliable' language for L3 #1137

Closed
TomHennen opened this issue Sep 19, 2024 · 3 comments · Fixed by #1143
Closed

Revisit 'reliable' language for L3 #1137

TomHennen opened this issue Sep 19, 2024 · 3 comments · Fixed by #1143
Labels
source-track

Comments

@TomHennen
Copy link
Contributor

"Reliable" may be too strong a qualifier here. It's still up to the consumer to decide if they deem the information as such, so we might want to instead use a term like "auditable" or "verifiable" here.

Originally posted by @marcelamelara in #1094 (comment)
@TomHennen
Copy link
Contributor Author

@zachariahcox

yeah, like "as reliable as the issuer?"
I doubt if they will always be auditable or verifiable in anyway. It would feel more or less like "SCP says X with no real way to prove it. Trust it or don't."

@TomHennen TomHennen mentioned this issue Sep 19, 2024
Merged
@zachariahcox
Copy link
Contributor

yeah, are issuers "reliable?" I guess the answer is "hopefully!"

I'd support cutting this word if it's confusing things.

@TomHennen TomHennen mentioned this issue Sep 20, 2024
Merged
@zachariahcox
Copy link
Contributor

@TomHennen I left a comment on the linked pr. maybe "authentic" is the best we can claim here.

TomHennen added a commit that referenced this issue Oct 16, 2024
@TomHennen
content: draft: reliable -> authenticatable and auditable (#1143)
2a1e32b 
Clarify what type of data source level 3 provides to policy enforcement
tools.

'authenticatable and auditable' is more easily understood by the
community than 'reliable'. It's also less prone to misinterpretation
than 'verifiable' which might sound like a much more thorough process
has been done.

fixes #1137

Signed-off-by: Tom Hennen <tomhennen@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
source-track
Projects
Issue triage
Status: Done
SLSA Source Track
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

content: draft: reliable -> authenticatable and auditable TomHennen/slsa
2 participants
@TomHennen @zachariahcox