blog: Add blog post announcing v1.1 RC2 #1317
Merged
Commits (11 total; this view shows changes from 6 commits):
359b724 Add blog post announcing v1.1 RC2 (lehors)
32d6da2 trim trailing whitespace (lehors)
03d9fc6 Update docs/_posts/2025-04-04-slsa-v1.1-rc2.md (lehors)
ec7c760 revise intro (lehors)
4c0a0ca Update docs/_posts/2025-04-04-slsa-v1.1-rc2.md (lehors)
4dfd5bf make statement explicit about backwards compatibility (lehors)
535d0f2 Update 2025-04-04-slsa-v1.1-rc2.md (michaelwinser)
8e74413 Merge pull request #1 from michaelwinser/v1.1-rc2-blogpost (lehors)
213ea51 Fix markdown (lehors)
6d6d8e1 Fix markdown (lehors)
23f068c Expand VSA (lehors)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
title: Announcing SLSA v1.1 Release Candidate 2 | ||
author: "SLSA Community" | ||
is_guest_post: false | ||
--- | ||
|
||
Since the publication of [SLSA 1.0](/spec/v1.0/) back in April 2023, the | ||
SLSA specification community has been busy developing several new tracks | ||
covering areas such as source and build environment. While we are excited | ||
about these additions, we wanted to publish other improvements that were | ||
made to the specification without waiting for those additions. To that end | ||
[SLSA Version 1.1 Release Candidate 1 (RC1)](/spec/v1.1-rc1/) was published | ||
in August 2024. | ||
|
||
During the review period we found out several loose ends with the updated | ||
threat model section, which forced us to go through another round of | ||
edits. While this took longer than we had anticipated (mostly due to the | ||
fact that the main contributors were focusing on developing the new | ||
tracks), we are pleased to announce that [Version 1.1 RC2](/spec/v1.1-rc2/) | ||
is now available for review. | ||
|
||
This new version brings several changes aimed at enhancing the clarity and | ||
arewm marked this conversation as resolved.
|
||
usability of the specification. In particular, this update refines the threat | ||
model and possible mitigations, clarifies the role of attestation format | ||
schemas and procedure for verifying Verification Summary Attestations (VSA), | ||
and adds verifier metadata to the VSA. Please, refer to the [What's | ||
new](/spec/v1.1-rc2/whats-new) section for further details. | ||
|
||
It is worth noting that SLSA 1.1 is backwards compatible with SLSA 1.0. | ||
|
||
The SLSA specification follows the [Community Specification] lifecycle | ||
going through several [stages of maturation](/spec-stages). The publication | ||
of a candidate for [Approved Specification] starts a 2 week review period | ||
during which the community at large is invited to review the draft and | ||
raise any issues. If you do find any issue, please, open an issue on | ||
[GitHub]. If no major issues are found during this review period the V1.1 | ||
RC2 draft will then be published as Version 1.1, the new [Approved | ||
Specification], effectively replacing Version 1.0. | ||
|
||
[Community Specification]: https://github.com/CommunitySpecification/Community_Specification/blob/main/ | ||
[GitHub]: https://github.com/slsa-framework/slsa/issues | ||
[backlog]: https://github.com/orgs/slsa-framework/projects/1/views/1 | ||
[Approved Specification]: /spec-stages#approved |
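Review bot: the `[backlog]` link definition in the reference block at the end of the post is never used in the body, so it is dead markup; either drop it or reference it from the paragraph that asks readers to open issues. The `[Community Specification]` URL also ends at `blob/main/` with no file name, so it points at a repository path rather than a specific document; consider linking the repository root or the specific file. Minor wording: "found out several loose ends" reads better as "found several loose ends", and "2 week review period" should be hyphenated as "2-week".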
I think we should add a short list of bullet points that briefly describes what we want out of this blog post. E.g.
Summary
Sounds good to me. Thanks!