Ecosyste.ms: Timeline

Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.

spencerschrock

spencerschrock created a review comment on a pull request on sigstore/model-transparency
the diff looks a little weird, but this is just removing this block and moving the indents over: ```diff -if args.skip_manifest: - in_toto_builder = id # Do nothing, just evaluate the ar...

spencerschrock created a review on a pull request on sigstore/model-transparency

spencerschrock opened a pull request on sigstore/model-transparency
bench: return the intoto payload if requested
#### Summary
Instead of throwing the payload away, this will allow further benchmarking for things that need the payload, such as signing.
#### Release Note
NONE
#### Documentation
NONE
spencerschrock pushed 1 commit to return-payload spencerschrock/model-transparency
  • bench: return the intoto payload if requested This will allow further benchmarking for things that need the payload,... d99e271

spencerschrock created a branch on spencerschrock/model-transparency

return-payload - Supply chain security for ML

spencerschrock created a review comment on a pull request on ossf/scorecard
for my own understanding, this removes the repo field from the JSON since intoto already has a subject in the statement?

spencerschrock created a review comment on a pull request on ossf/scorecard
Let's do `FormatIntoto = "intoto"`, I'll leave a few other comments on names.

spencerschrock created a review comment on a pull request on ossf/scorecard
do we expect someone to reference these? Or in general, do we need to export anything here other than `AsIntoto` and `AsIntotoResultOption`?

spencerschrock created a review comment on a pull request on ossf/scorecard
AsIntoto

spencerschrock created a review comment on a pull request on ossf/scorecard
`AsIntotoResultOption`

spencerschrock deleted a branch spencerschrock/model-transparency

optimize-chunk

spencerschrock pushed 1 commit to optimize-chunk spencerschrock/model-transparency
  • change default chunk size to 1 MB This value was based on the benchmarks in f0a6e96. The exact improvement is platfo... b490161

spencerschrock created a review on a pull request on ossf/scorecard-action
@dependabot squash and merge

spencerschrock created a comment on an issue on sigstore/model-transparency
+1 to job level
Note: GitHub does not have step level permissions https://docs.github.com/actions/writing-workflows/workflow-syntax-for-github-actions#permissions

spencerschrock created a comment on an issue on ossf/scorecard
Ah, I had initially misunderstood this as us not detecting a vulnerable input to `gh`, something like this (which is a meaningless example, because `gh pr view` takes a number, not a title): ``` HE...

spencerschrock created a review on a pull request on ossf/scorecard-action
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard-action
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard-action
@dependabot squash and merge

spencerschrock created a comment on a pull request on ossf/scorecard
@dependabot ignore github.com/google/go-containerregistry patch version

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a comment on an issue on sigstore/model-transparency
The library has changed since OSS NA 2024, and the old signature can't be validated by the new API. So either the signature needs to be reproduced, or you check out a commit here from ~9 months ago...

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a review comment on a pull request on ossf/scorecard
Oops, forgot you made this a helper, it's still an `ErrScorecardInternal` for `AsJSON2`, so no breaking change here.

spencerschrock created a review on a pull request on ossf/scorecard

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge

spencerschrock created a review on a pull request on ossf/scorecard
@dependabot squash and merge
