
It seems like "artifact provenance" or something would have been a better term. Is this related to SLSA?


It’s not directly related to SLSA, although SLSA is an adjacent effort to improve package security!

I think provenance would be misleading in this context, since it’s mostly a side effect of the intended behavior (i.e., publishing without needing to manually configure a shared credential).



