save checkpoint. additional features and their state. check some of them

This commit is contained in:
master
2026-02-10 07:54:44 +02:00
parent 4bdc298ec1
commit 5593212b41
211 changed files with 10248 additions and 1208 deletions

@@ -0,0 +1,25 @@
# 09-Feb-2026 - Repro Bundle SLSA v1 in-toto DSSE offline mode
## Advisory source
- Source: user-provided product advisory text (planning session, 2026-02-09 UTC).
- Scope: per-artifact reproducible evidence bundle with SLSA v1 provenance, in-toto link, DSSE signatures, optional Rekor anchoring, and full offline verification mode.
## Outcome
- Result: gaps confirmed in current implementation.
- Decision: advisory translated into docs + sprint tasks and archived.
## Confirmed gap themes
- Strict SLSA policy enforcement is incomplete for required fields and fail-closed validation behavior.
- Canonicalization policy is not yet enforced as one deterministic pipeline.
- Promotion gates do not yet fail closed on missing/non-compliant reproducibility evidence.
- Offline Rekor verification has trust-based shortcuts that need hardening.
- Toolchain digest pinning and deterministic packaging are not fully enforced across release scripts.
## Translation artifacts
- Active sprint: `docs/implplan/SPRINT_20260209_001_DOCS_repro_bundle_gap_closure.md`
- High-level product/docs update: `docs/key-features.md`
- Module contract: `docs/modules/attestor/repro-bundle-profile.md`
## Notes
- Supersedes/extends: none recorded.
- External web fetches: none.
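Review bot: the five bullets under "Confirmed gap themes" state conclusions without pointing to where each gap was observed, so "Result: gaps confirmed in current implementation" cannot be checked from this file alone; add, per bullet, the script, module or policy file in which the gap was found (for example which release scripts lack toolchain digest pinning, and which offline Rekor verification path takes the "trust-based shortcuts"), or at least the sprint task ID in `docs/implplan/SPRINT_20260209_001_DOCS_repro_bundle_gap_closure.md` that carries that detail. Two smaller points in the same hunk: "Source: user-provided product advisory text" names no identifier or storage location for the advisory, so it cannot be re-read when the sprint tasks are reviewed, and "Supersedes/extends: none recorded" should say whether that was checked against the earlier attestor docs or simply not looked up.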