Update policy #251

Merged
merged 4 commits into from
Feb 21, 2023

@malancas (Contributor) commented Feb 16, 2023

Summary

Removing some small sections from the policy.

Release Note

Documentation

Signed-off-by: Meredith Lancaster <malancas@github.com>
Signed-off-by: Meredith Lancaster <malancas@github.com>

codecov bot commented Feb 16, 2023

Codecov Report

Merging #251 (382cb77) into main (6f396cb) will not change coverage.
The diff coverage is n/a.

❗ Current head 382cb77 differs from pull request most recent head 445cd88. Consider uploading reports for the commit 445cd88 to get more accurate results

@@           Coverage Diff           @@
##             main     #251   +/-   ##
=======================================
  Coverage   52.66%   52.66%           
=======================================
  Files          19       19           
  Lines        1143     1143           
=======================================
  Hits          602      602           
  Misses        483      483           
  Partials       58       58           


@kommendorkapten (Member)

I reckon we should remove this section too:
https://github.com/sigstore/timestamp-authority/pull/251/files#diff-669237df67d62d453aa0fb50309ac55463d0fe7f5760b750d80981dd2805d273L424-L426

The TSA shall make available to subscribers and relying parties its practice statement, and other relevant documentation, as necessary, to assess conformance to the time-stamp policy.

NOTE 2: The TSA is not generally required to make all the details of its practices public.

That section.

My interpretation:
I think it's concerning as if we open up the TSA to the public, any user would be a subscriber or relying party. Even if the TSA is not open to public use for requesting a time-stamp, any verifier is considered a relying party, and so may request the practice statement.

Signed-off-by: Meredith Lancaster <malancas@github.com>
@malancas marked this pull request as ready for review February 17, 2023 14:26
@malancas requested a review from a team as a code owner February 17, 2023 14:26
@kommendorkapten (Member) left a comment

🚀

Resolved review threads on docs/tsa-policy.md
Signed-off-by: Meredith Lancaster <malancas@github.com>
@haydentherapper merged commit f13026d into sigstore:main Feb 21, 2023
@malancas deleted the update-policy branch February 21, 2023 16:54