Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Be more explicit code review? #1140

Closed
TomHennen opened this issue Sep 19, 2024 · 2 comments · Fixed by #1144
Closed

Be more explicit code review? #1140

TomHennen opened this issue Sep 19, 2024 · 2 comments · Fixed by #1144
Assignees
@TomHennen
Labels
source-track

Comments

@TomHennen
Copy link
Contributor

This requirement isn't very clear. Is this alluding to code review?

Originally posted by @marcelamelara in #1094 (comment)
@TomHennen TomHennen mentioned this issue Sep 19, 2024
Merged
@TomHennen
Copy link
Contributor Author

FYI @zachariahcox

FWIW I think requiring code review at Level 3 wasn't the intent? We'd talked about having a separate tag that indicates if revisions are subject to code review.

@zachariahcox
Copy link
Contributor

the text at the time was: "The change management tool MUST be able to authoritatively state that each new revision reachable from the protected branch represents only the changes reviewed via the process."

I think we can fix this by sticking with the "change management" phrase everywhere.
EG:

"changes reviewed" -> "changes managed"

@TomHennen TomHennen self-assigned this Sep 20, 2024
@TomHennen TomHennen mentioned this issue Sep 20, 2024
Merged
lehors pushed a commit that referenced this issue Oct 7, 2024
@TomHennen
content: draft: reviewed -> managed (#1144)
8b65d53 
The use of a change management tool doesn't necessarily indicate code
was reviewed. Perhaps it's simply requiring a PR to be used or a lint
checks to be run. 'managed' more precisely gets at what's happening.

fixes #1140

Signed-off-by: Tom Hennen <tomhennen@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TomHennen TomHennen

Labels
source-track
Projects
Issue triage
Status: Done
SLSA Source Track
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

content: draft: reviewed -> managed TomHennen/slsa
2 participants
@TomHennen @zachariahcox