-
Notifications
You must be signed in to change notification settings - Fork 509
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cli: update privacy statement and confirmation #2797
Conversation
This commit includes an update to the privacy statement and confirmation notice in the CLI tool, intended to tie into the Hosted Project Tools policy from LF Projects, LLC (available at https://lfprojects.org/policies/). Signed-off-by: Steve Winslow <steve@swinslow.net>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Edit: Following up offline
The text that is in this statement was approved by the LF, I don't want to modify it without consultation. Adding a link to the hosted tools ToS and immutable record notice should be fine.
Signed-off-by: Steve Winslow <steve@swinslow.net>
Hi @haydentherapper, I pushed 6650bf1 to tweak the wording to address the "Cosign service" and "attestation" points. For "personal data", I think this is the wording that LF would be inclined to use here. Does this address the concerns for the PR? Thank you! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good, thanks!
The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. | ||
Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. | ||
This may include the email address associated with the account with which you authenticate your contractual Agreement. | ||
This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you move the backtick to a newline?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done!
This may include the email address associated with the account with which you authenticate your contractual Agreement. | ||
This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.` | ||
|
||
StatementConfirmation = "By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you lint the file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've now run it through gofmt -s
. Not seeing the goimports issue, but hoping it resolves now?
Apologies, I'm a bit more of a lawyer than a coder these days 🙃 I'm hoping it should pass this time, but grateful for anything you can do to point me in the right direction if it is still failing!
Codecov Report
@@ Coverage Diff @@
## main #2797 +/- ##
==========================================
+ Coverage 28.98% 29.51% +0.52%
==========================================
Files 151 151
Lines 9657 9657
==========================================
+ Hits 2799 2850 +51
+ Misses 6438 6368 -70
- Partials 420 439 +19 see 4 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
Signed-off-by: Steve Winslow <steve@swinslow.net>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
@bobcallaway Can you merge?
* cli: update privacy statement and confirmation This commit includes an update to the privacy statement and confirmation notice in the CLI tool, intended to tie into the Hosted Project Tools policy from LF Projects, LLC (available at https://lfprojects.org/policies/). Signed-off-by: Steve Winslow <steve@swinslow.net> * cli: tweak wording for revised privacy statement Signed-off-by: Steve Winslow <steve@swinslow.net> * cli: fix linting errors for privacy statement Signed-off-by: Steve Winslow <steve@swinslow.net> --------- Signed-off-by: Steve Winslow <steve@swinslow.net>
Fixes #2796
Summary
This commit includes an update to the privacy statement and confirmation notice in the CLI tool, intended to tie into the Hosted Project Tools policy from LF Projects, LLC (available at https://lfprojects.org/policies/).
Release Note
Updated the privacy statement to align with the new Hosted Project Tools terms and notice from LF Projects, LLC
Documentation
N/A
cc @mkdolan for visibility