From 8117b06c2bd24c5055e9cf3eecdd2084bf996c82 Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Tue, 14 Mar 2023 14:51:22 -0400 Subject: [PATCH 1/3] cli: update privacy statement and confirmation This commit includes an update to the privacy statement and confirmation notice in the CLI tool, intended to tie into the Hosted Project Tools policy from LF Projects, LLC (available at https://lfprojects.org/policies/). Signed-off-by: Steve Winslow --- cmd/cosign/cli/sign/privacy/privacy.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/cosign/cli/sign/privacy/privacy.go b/cmd/cosign/cli/sign/privacy/privacy.go index bed7ddddb23..e2912f42fb0 100644 --- a/cmd/cosign/cli/sign/privacy/privacy.go +++ b/cmd/cosign/cli/sign/privacy/privacy.go @@ -19,12 +19,12 @@ import "sync" const ( // spacing is intentional to have this indented Statement = ` - Note that there may be personally identifiable information associated with this signed artifact. - This may include the email address associated with the account with which you authenticate. - This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later. -` - StatementConfirmation = "By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs." -) + The Cosign service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. + Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. + This may include the email address associated with the account with which you authenticate your attestation and contractual Agreement. + This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.` + + StatementConfirmation = "By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.") var ( StatementOnce sync.Once From 6650bf174c33d5483653c6a51a2d8786c8a3a667 Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Tue, 14 Mar 2023 17:25:40 -0400 Subject: [PATCH 2/3] cli: tweak wording for revised privacy statement Signed-off-by: Steve Winslow --- cmd/cosign/cli/sign/privacy/privacy.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/cosign/cli/sign/privacy/privacy.go b/cmd/cosign/cli/sign/privacy/privacy.go index e2912f42fb0..e72311bf662 100644 --- a/cmd/cosign/cli/sign/privacy/privacy.go +++ b/cmd/cosign/cli/sign/privacy/privacy.go @@ -19,9 +19,9 @@ import "sync" const ( // spacing is intentional to have this indented Statement = ` - The Cosign service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. + The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. - This may include the email address associated with the account with which you authenticate your attestation and contractual Agreement. + This may include the email address associated with the account with which you authenticate your contractual Agreement. This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.` StatementConfirmation = "By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.") From 0d18d57e565e02dbd272ebbc057aed70822a6c60 Mon Sep 17 00:00:00 2001 From: Steve Winslow Date: Tue, 14 Mar 2023 18:07:37 -0400 Subject: [PATCH 3/3] cli: fix linting errors for privacy statement Signed-off-by: Steve Winslow --- cmd/cosign/cli/sign/privacy/privacy.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/cosign/cli/sign/privacy/privacy.go b/cmd/cosign/cli/sign/privacy/privacy.go index e72311bf662..3037e3c4663 100644 --- a/cmd/cosign/cli/sign/privacy/privacy.go +++ b/cmd/cosign/cli/sign/privacy/privacy.go @@ -22,9 +22,11 @@ const ( The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. This may include the email address associated with the account with which you authenticate your contractual Agreement. - This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.` + This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. +` - StatementConfirmation = "By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.") + StatementConfirmation = "By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above." +) var ( StatementOnce sync.Once