profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/MarkLodato/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

MarkLodato/git-reparent 46

Git command to recommit HEAD with a new set of parents

MarkLodato/js-boxdrawing 34

JavaScript Box Drawing Library

MarkLodato/git-ssh-server 28

A restricted shell for managing GitHub-like sites through SSH.

in-toto/attestation 27

ITE-6 Attestation Definitions

MarkLodato/gh-contest 10

My github contest entry

MarkLodato/patch-converter 9

A script to convert the output of git patches to Hg format.

MarkLodato/cgit 5

a fast web interface for git

MarkLodato/dotfiles 5

My dotfiles

MarkLodato/cython_freeze 2

DEPRECATED: Equivalent of freeze.py for Cython

startedhttplock/httplock

started time in 41 minutes

PullRequestReviewEvent

Pull request review commentin-toto/in-toto-java

Implementation of new In-toto 0.1.0, DSSE 1.0.0, and SLSA Provenance 0.1.1

+package io.github.intoto.helpers;++import com.fasterxml.jackson.core.JsonProcessingException;+import com.fasterxml.jackson.databind.ObjectMapper;+import com.fasterxml.jackson.databind.SerializationFeature;+import io.github.dsse.models.IntotoEnvelope;+import io.github.dsse.models.Signature;+import io.github.dsse.models.Signer;+import io.github.intoto.exceptions.InvalidModelException;+import io.github.intoto.models.Statement;+import java.security.InvalidKeyException;+import java.security.NoSuchAlgorithmException;+import java.security.SignatureException;+import java.util.Base64;+import java.util.List;+import java.util.Set;+import java.util.stream.Collectors;+import javax.validation.ConstraintViolation;+import javax.validation.Validation;+import javax.validation.Validator;++/**+ * Helper class for the intoto-java implementation. This class provides with helper methods to+ * validate and transform {@link Statement} into their JSON representations.+ */+public class IntotoHelper {++  private static final ObjectMapper objectMapper = new ObjectMapper();+  private static final Validator validator =+      Validation.buildDefaultValidatorFactory().getValidator();++  /**+   * Creates a JSON String representation of a DSSE Envelope.+   *+   * @param statement the Statement to add to the envelope+   * @param signer the Signer that will be used to sign the payloads.+   * @param prettyPrint if true it will pretty print the final Envelope JSON representation+   * @return a JSON representation for the envelope.+   * @throws InvalidModelException thrown when the given statement is not valid+   * @throws JsonProcessingException thrown when there are issues generating the JSON string+   * @throws NoSuchAlgorithmException thrown when there are issues encrypting the payloads in the+   *     Envelope+   * @throws SignatureException thrown when there are issues with the given key in the Signer+   * @throws InvalidKeyException thrown when there are issues matching the key with the given+   *     algorithm+   */+  public static String produceIntotoEnvelopeAsJson(+      Statement statement, Signer signer, boolean prettyPrint)+      throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException,+          SignatureException, InvalidKeyException {+    // Get the Base64 encoded Statement to use as the payload+    String jsonStatement = validateAndTransformToJson(statement, false);+    String base64EncodedStatement = Base64.getEncoder().encodeToString(jsonStatement.getBytes());++    IntotoEnvelope envelope = new IntotoEnvelope();+    // Create the signed payload with the DSSEv1 format and sign it!+    byte[] signedDsseV1Payload =+        signer.sign(+            createPreAuthenticationEncoding(envelope.getPayloadType(), base64EncodedStatement));++    Signature signature = new Signature();+    signature.setKeyId(signer.getKeyId());+    // The sig contains the base64 encoded version of the signedDsseV1Payload+    signature.setSig(Base64.getEncoder().encodeToString(signedDsseV1Payload));+    // Let's complete the envelope+    envelope.setPayload(base64EncodedStatement);+    envelope.setSignatures(List.of(signature));+    if (prettyPrint) {+      return objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(envelope);+    }+    return objectMapper.writeValueAsString(envelope);+  }++  /**+   * Produces an {@link IntotoEnvelope} and signs the payload with the given Signer. Note: There is+   * another convenience method that returns the serialized JSON representation for the envelope+   *+   * @param statement the Statement to add to the envelope+   * @param signer the Signer that will be used to sign the payloads.+   * @return will return a {@link IntotoEnvelope} instead of the JSON representation.+   * @throws InvalidModelException thrown when the given statement is not valid+   * @throws JsonProcessingException thrown when there are issues generating the JSON string+   * @throws NoSuchAlgorithmException thrown when there are issues encrypting the payloads in the *+   *     Envelope+   * @throws SignatureException thrown when there are issues with the given key in the Signer+   * @throws InvalidKeyException thrown when there are issues matching the key with the given *+   *     algorithm+   */+  public static IntotoEnvelope produceIntotoEnvelope(Statement statement, Signer signer)+      throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException,+          SignatureException, InvalidKeyException {+    // Get the Base64 encoded Statement to use as the payload+    String jsonStatement = validateAndTransformToJson(statement, false);+    String base64EncodedStatement = Base64.getEncoder().encodeToString(jsonStatement.getBytes());++    IntotoEnvelope envelope = new IntotoEnvelope();+    // Create the signed payload with the DSSEv1 format and sign it!+    byte[] signedDsseV1Payload =+        signer.sign(+            createPreAuthenticationEncoding(envelope.getPayloadType(), base64EncodedStatement));+    Signature signature = new Signature();+    signature.setKeyId(signer.getKeyId());+    // The sig contains the base64 encoded version of the signedDsseV1Payload+    signature.setSig(Base64.getEncoder().encodeToString(signedDsseV1Payload));+    // Let's complete the envelope+    envelope.setPayload(base64EncodedStatement);+    envelope.setSignatures(List.of(signature));+    return envelope;+  }++  /**+   * Generates the Pre-Authentication Encoding+   *<pre>+   * "DSSEv1" + SP + LEN(type) + SP + type + SP + LEN(body) + SP + body+   *+   * where:+   * + = concatenation+   * SP = ASCII space [0x20]+   * "DSSEv1" = ASCII [0x44, 0x53, 0x53, 0x45, 0x76, 0x31]+   * LEN(s) = ASCII decimal encoding of the byte length of s, with no leading zeros+   *<pre/>+   * @param payloadType the type of payload. Fixed for in-toto Envelopes+   * @param payload the base64 encoded Statement in JSON

That is for the JSON payload field. JSON only handles unicode strings, not bytes, so all binary data must be base64-encoded. However, PAE access the raw binary (bytes) payload, before encoding.

Alos

comment created time in 19 hours

push eventslsa-framework/slsa

Mark Lodato

commit sha 806f3ce0c0f0862e0acebcdcf2bb7edb73f23252

Link to specific blob in GitHub. In the footer "View on GitHub" link, we now link to the specific Markdown page rather than the top-level site. This makes it easier to edit the page and view the source. Signed-off-by: Mark Lodato <lodato@google.com>

view details

Mark Lodato

commit sha 571b5da54880a4b7a5bd0ba86afab87524412cda

Merge pull request #170 from MarkLodato/source-link Link to specific blob in GitHub.

view details

push time in 20 hours

delete branch MarkLodato/slsa

delete branch : source-link

delete time in 20 hours

PR merged slsa-framework/slsa

Link to specific blob in GitHub.

In the footer "View on GitHub" link, we now link to the specific Markdown page rather than the top-level site. This makes it easier to edit the page and view the source.

Signed-off-by: Mark Lodato lodato@google.com

+1 -1

0 comment

1 changed file

MarkLodato

pr closed time in 20 hours

Pull request review commentin-toto/in-toto-java

Implementation of new In-toto 0.1.0, DSSE 1.0.0, and SLSA Provenance 0.1.1

+package io.github.intoto.helpers;++import com.fasterxml.jackson.core.JsonProcessingException;+import com.fasterxml.jackson.databind.ObjectMapper;+import com.fasterxml.jackson.databind.SerializationFeature;+import io.github.dsse.models.IntotoEnvelope;+import io.github.dsse.models.Signature;+import io.github.dsse.models.Signer;+import io.github.intoto.exceptions.InvalidModelException;+import io.github.intoto.models.Statement;+import java.security.InvalidKeyException;+import java.security.NoSuchAlgorithmException;+import java.security.SignatureException;+import java.util.Base64;+import java.util.List;+import java.util.Set;+import java.util.stream.Collectors;+import javax.validation.ConstraintViolation;+import javax.validation.Validation;+import javax.validation.Validator;++/**+ * Helper class for the intoto-java implementation. This class provides with helper methods to+ * validate and transform {@link Statement} into their JSON representations.+ */+public class IntotoHelper {++  private static final ObjectMapper objectMapper = new ObjectMapper();+  private static final Validator validator =+      Validation.buildDefaultValidatorFactory().getValidator();++  /**+   * Creates a JSON String representation of a DSSE Envelope.+   *+   * @param statement the Statement to add to the envelope+   * @param signer the Signer that will be used to sign the payloads.+   * @param prettyPrint if true it will pretty print the final Envelope JSON representation+   * @return a JSON representation for the envelope.+   * @throws InvalidModelException thrown when the given statement is not valid+   * @throws JsonProcessingException thrown when there are issues generating the JSON string+   * @throws NoSuchAlgorithmException thrown when there are issues encrypting the payloads in the+   *     Envelope+   * @throws SignatureException thrown when there are issues with the given key in the Signer+   * @throws InvalidKeyException thrown when there are issues matching the key with the given+   *     algorithm+   */+  public static String produceIntotoEnvelopeAsJson(+      Statement statement, Signer signer, boolean prettyPrint)+      throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException,+          SignatureException, InvalidKeyException {+    // Get the Base64 encoded Statement to use as the payload+    String jsonStatement = validateAndTransformToJson(statement, false);+    String base64EncodedStatement = Base64.getEncoder().encodeToString(jsonStatement.getBytes());++    IntotoEnvelope envelope = new IntotoEnvelope();+    // Create the signed payload with the DSSEv1 format and sign it!+    byte[] signedDsseV1Payload =+        signer.sign(+            createPreAuthenticationEncoding(envelope.getPayloadType(), base64EncodedStatement));++    Signature signature = new Signature();+    signature.setKeyId(signer.getKeyId());+    // The sig contains the base64 encoded version of the signedDsseV1Payload+    signature.setSig(Base64.getEncoder().encodeToString(signedDsseV1Payload));+    // Let's complete the envelope+    envelope.setPayload(base64EncodedStatement);+    envelope.setSignatures(List.of(signature));+    if (prettyPrint) {+      return objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(envelope);+    }+    return objectMapper.writeValueAsString(envelope);+  }++  /**+   * Produces an {@link IntotoEnvelope} and signs the payload with the given Signer. Note: There is+   * another convenience method that returns the serialized JSON representation for the envelope+   *+   * @param statement the Statement to add to the envelope+   * @param signer the Signer that will be used to sign the payloads.+   * @return will return a {@link IntotoEnvelope} instead of the JSON representation.+   * @throws InvalidModelException thrown when the given statement is not valid+   * @throws JsonProcessingException thrown when there are issues generating the JSON string+   * @throws NoSuchAlgorithmException thrown when there are issues encrypting the payloads in the *+   *     Envelope+   * @throws SignatureException thrown when there are issues with the given key in the Signer+   * @throws InvalidKeyException thrown when there are issues matching the key with the given *+   *     algorithm+   */+  public static IntotoEnvelope produceIntotoEnvelope(Statement statement, Signer signer)+      throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException,+          SignatureException, InvalidKeyException {+    // Get the Base64 encoded Statement to use as the payload+    String jsonStatement = validateAndTransformToJson(statement, false);+    String base64EncodedStatement = Base64.getEncoder().encodeToString(jsonStatement.getBytes());++    IntotoEnvelope envelope = new IntotoEnvelope();+    // Create the signed payload with the DSSEv1 format and sign it!+    byte[] signedDsseV1Payload =+        signer.sign(+            createPreAuthenticationEncoding(envelope.getPayloadType(), base64EncodedStatement));+    Signature signature = new Signature();+    signature.setKeyId(signer.getKeyId());+    // The sig contains the base64 encoded version of the signedDsseV1Payload+    signature.setSig(Base64.getEncoder().encodeToString(signedDsseV1Payload));+    // Let's complete the envelope+    envelope.setPayload(base64EncodedStatement);+    envelope.setSignatures(List.of(signature));+    return envelope;+  }++  /**+   * Generates the Pre-Authentication Encoding+   *<pre>+   * "DSSEv1" + SP + LEN(type) + SP + type + SP + LEN(body) + SP + body+   *+   * where:+   * + = concatenation+   * SP = ASCII space [0x20]+   * "DSSEv1" = ASCII [0x44, 0x53, 0x53, 0x45, 0x76, 0x31]+   * LEN(s) = ASCII decimal encoding of the byte length of s, with no leading zeros+   *<pre/>+   * @param payloadType the type of payload. Fixed for in-toto Envelopes+   * @param payload the base64 encoded Statement in JSON

This is not supposed to be base64 encoded. It's supposed to be the raw payload in bytes.

Alos

comment created time in a day

PullRequestReviewEvent

Pull request review commentin-toto/in-toto-java

Implementation of new In-toto 0.1.0, DSSE 1.0.0, and SLSA Provenance 0.1.1

+package io.github.dsse.helpers;++import io.github.dsse.models.Signer;+import java.security.InvalidKeyException;+import java.security.NoSuchAlgorithmException;+import java.security.PrivateKey;+import java.security.Signature;+import java.security.SignatureException;++public class SimpleECDSASigner implements Signer {+  private final PrivateKey privateKey;++  public SimpleECDSASigner(PrivateKey privateKey) {+    this.privateKey = privateKey;+  }++  @Override+  public byte[] sign(String payload)+      throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {+    Signature signature = Signature.getInstance("SHA1withECDSA");

Can we use SHA 256 instead of SHA 1? (Same in the other files.)

Alos

comment created time in a day

Pull request review commentin-toto/in-toto-java

Implementation of new In-toto 0.1.0, DSSE 1.0.0, and SLSA Provenance 0.1.1

+package io.github.intoto.helpers;++import com.fasterxml.jackson.core.JsonProcessingException;+import com.fasterxml.jackson.databind.ObjectMapper;+import com.fasterxml.jackson.databind.SerializationFeature;+import io.github.dsse.models.IntotoEnvelope;+import io.github.dsse.models.Signature;+import io.github.dsse.models.Signer;+import io.github.intoto.exceptions.InvalidModelException;+import io.github.intoto.models.Statement;+import java.security.InvalidKeyException;+import java.security.NoSuchAlgorithmException;+import java.security.SignatureException;+import java.util.Base64;+import java.util.List;+import java.util.Set;+import java.util.stream.Collectors;+import javax.validation.ConstraintViolation;+import javax.validation.Validation;+import javax.validation.Validator;++/**+ * Helper class for the intoto-java implementation. This class provides with helper methods to+ * validate and transform {@link Statement} into their JSON representations.+ */+public class IntotoHelper {++  private static final ObjectMapper objectMapper = new ObjectMapper();+  private static final Validator validator =+      Validation.buildDefaultValidatorFactory().getValidator();++  /**+   * Creates a JSON String representation of a DSSE Envelope.+   *+   * @param statement the Statement to add to the envelope+   * @param signer the Signer that will be used to sign the payloads.+   * @param prettyPrint if true it will pretty print the final Envelope JSON representation+   * @return a JSON representation for the envelope.+   * @throws InvalidModelException thrown when the given statement is not valid+   * @throws JsonProcessingException thrown when there are issues generating the JSON string+   * @throws NoSuchAlgorithmException thrown when there are issues encrypting the payloads in the+   *     Envelope+   * @throws SignatureException thrown when there are issues with the given key in the Signer+   * @throws InvalidKeyException thrown when there are issues matching the key with the given+   *     algorithm+   */+  public static String produceIntotoEnvelopeAsJson(+      Statement statement, Signer signer, boolean prettyPrint)+      throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException,+          SignatureException, InvalidKeyException {+    // Get the Base64 encoded Statement to use as the payload+    String jsonStatement = validateAndTransformToJson(statement, false);+    String base64EncodedStatement = Base64.getEncoder().encodeToString(jsonStatement.getBytes());++    IntotoEnvelope envelope = new IntotoEnvelope();+    // Create the signed payload with the DSSEv1 format and sign it!+    byte[] signedDsseV1Payload =+        signer.sign(+            createPreAuthenticationEncoding(envelope.getPayloadType(), base64EncodedStatement));++    Signature signature = new Signature();+    signature.setKeyId(signer.getKeyId());+    // The sig contains the base64 encoded version of the signedDsseV1Payload+    signature.setSig(Base64.getEncoder().encodeToString(signedDsseV1Payload));+    // Let's complete the envelope+    envelope.setPayload(base64EncodedStatement);+    envelope.setSignatures(List.of(signature));+    if (prettyPrint) {+      return objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(envelope);+    }+    return objectMapper.writeValueAsString(envelope);+  }++  /**+   * Produces an {@link IntotoEnvelope} and signs the payload with the given Signer. Note: There is+   * another convenience method that returns the serialized JSON representation for the envelope+   *+   * @param statement the Statement to add to the envelope+   * @param signer the Signer that will be used to sign the payloads.+   * @return will return a {@link IntotoEnvelope} instead of the JSON representation.+   * @throws InvalidModelException thrown when the given statement is not valid+   * @throws JsonProcessingException thrown when there are issues generating the JSON string+   * @throws NoSuchAlgorithmException thrown when there are issues encrypting the payloads in the *+   *     Envelope+   * @throws SignatureException thrown when there are issues with the given key in the Signer+   * @throws InvalidKeyException thrown when there are issues matching the key with the given *+   *     algorithm+   */+  public static IntotoEnvelope produceIntotoEnvelope(Statement statement, Signer signer)+      throws InvalidModelException, JsonProcessingException, NoSuchAlgorithmException,+          SignatureException, InvalidKeyException {+    // Get the Base64 encoded Statement to use as the payload+    String jsonStatement = validateAndTransformToJson(statement, false);+    String base64EncodedStatement = Base64.getEncoder().encodeToString(jsonStatement.getBytes());++    IntotoEnvelope envelope = new IntotoEnvelope();+    // Create the signed payload with the DSSEv1 format and sign it!+    byte[] signedDsseV1Payload =+        signer.sign(+            createPreAuthenticationEncoding(envelope.getPayloadType(), base64EncodedStatement));+    Signature signature = new Signature();+    signature.setKeyId(signer.getKeyId());+    // The sig contains the base64 encoded version of the signedDsseV1Payload+    signature.setSig(Base64.getEncoder().encodeToString(signedDsseV1Payload));+    // Let's complete the envelope+    envelope.setPayload(base64EncodedStatement);+    envelope.setSignatures(List.of(signature));+    return envelope;+  }++  /**+   * Generates the Pre-Authentication Encoding+   *<pre>+   * "DSSEv1" + SP + LEN(type) + SP + type + SP + LEN(body) + SP + body+   *+   * where:+   * + = concatenation+   * SP = ASCII space [0x20]+   * "DSSEv1" = ASCII [0x44, 0x53, 0x53, 0x45, 0x76, 0x31]+   * LEN(s) = ASCII decimal encoding of the byte length of s, with no leading zeros+   *<pre/>+   * @param payloadType the type of payload. Fixed for in-toto Envelopes+   * @param payload the base64 encoded Statement in JSON+   * @return will return a Pre Authentication Encoding String.+   */+  public static String createPreAuthenticationEncoding(String payloadType, String payload) {+    return String.format(+        "DSSEv1 %d %s %d %s", payloadType.length(), payloadType, payload.length(), payload);

Does this handle multi-byte UTF-8 characters properly? Could you add a test for that?

Alos

comment created time in a day

PullRequestReviewEvent

create barnchMarkLodato/slsa

branch : source-link

created branch time in a day

PR opened slsa-framework/slsa

Link to specific blob in GitHub.

In the footer "View on GitHub" link, we now link to the specific Markdown page rather than the top-level site. This makes it easier to edit the page and view the source.

Signed-off-by: Mark Lodato lodato@google.com

+1 -1

0 comment

1 changed file

pr created time in a day

push eventslsa-framework/slsa

Mark Lodato

commit sha 326c79f3f084e486fc12c24bad1c121878467d58

Community meeting is bi-weekly, not bi-monthly. Signed-off-by: Mark Lodato <lodato@google.com>

view details

Mark Lodato

commit sha a0260994d3cb9be235423ded9b30e0eed785249f

Merge pull request #169 from MarkLodato/weekly Community meeting is bi-weekly, not bi-monthly.

view details

push time in a day

delete branch MarkLodato/slsa

delete branch : weekly

delete time in a day

PR merged slsa-framework/slsa

Community meeting is bi-weekly, not bi-monthly.

Signed-off-by: Mark Lodato lodato@google.com

+2 -2

0 comment

2 changed files

MarkLodato

pr closed time in a day

create barnchMarkLodato/slsa

branch : weekly

created branch time in a day

PR opened slsa-framework/slsa

Community meeting is bi-weekly, not bi-monthly.

Signed-off-by: Mark Lodato lodato@google.com

+2 -2

0 comment

2 changed files

pr created time in a day

push eventMarkLodato/slsa-provenance-scraper

Mark Lodato

commit sha 9472693351bd2fe017ddfcf4ffc804cfa372f1ed

add README

view details

push time in 2 days

push eventMarkLodato/slsa-provenance-scraper

Mark Lodato

commit sha c5323a6f7dff0daa18930716d171793ebe552994

add README

view details

push time in 2 days

create barnchMarkLodato/slsa-provenance-scraper

branch : main

created branch time in 2 days

created repositoryMarkLodato/slsa-provenance-scraper

created time in 2 days

PullRequestReviewEvent

issue commentslsa-framework/github-actions-demo

GitHub- vs Self-Hosted detection is inaccurate.

Another idea: Download all workflow run logs. The first line indicates whether it's github- or self-hosted. That would require the provenance generator to have access to the logs, which is not ideal, and when doing it mid-run, I'm not sure if there are race conditions where that wouldn't work well.

MarkLodato

comment created time in 7 days

issue openedslsa-framework/github-actions-demo

GitHub- vs Self-Hosted detection is inaccurate.

The detection of GitHub-hosted runner vs Self-hosted runner is inaccurate. What we want to know is "did all jobs use GitHub-hosted runners?" Instead, the current code says "does the current job (creating the provenance) use a GitHub-hosted runner." Is it possible to actually check what we need?

An ugly idea is to parse the yaml to check all the runs-on fields, but that both (a) requires fetching and parsing the yaml, which is terrible, and (b) properly identifying which are github-hosted and which are self-hosted.

Any better ideas?

created time in 7 days

issue commentslsa-framework/azure-devops-demo

Fix recipe and materials

There is a similar issue with self-hosted runners, which applies to both Azure Pipelines and GitHub Actions. Each individual job within a workflow can use its own runner, so there is no workflow-wide property that says "all steps were run on hosted runners."

MarkLodato

comment created time in 7 days

issue commentslsa-framework/slsa

Easy way to view versioned SLSA

That would work! To me the big challenge is all the styling - HTML, CSS, Jekyll. Not my area of expertise. :-)

joshuagl

comment created time in 7 days

issue commentslsa-framework/azure-devops-demo

Fix recipe and materials

Hi @gattjoe, sorry for the long delay. I was on leave.

We have the same issue with Google Cloud Build (GCB), where we can't tell whether the build steps come from YAML or from the GUI. (@msuozzo @TomHennen FYI.) For now, I think it's OK to say that we can't detect it, then add it later if we figure out a way (say by the API). I'll take a look. Thanks for the research!

I'll do a little more research then send you a pull request for the fields!

MarkLodato

comment created time in 7 days

issue commentslsa-framework/slsa

Indicating SLSA versions for policy evaluation

I think tooling should indicate (or allow users to choose?) which version of the SLSA framework is being used. Maybe down the road the levels will be stable enough that it won't be an issue, but for now I think that there's still enough in flux that versioning is useful.

joshuagl

comment created time in 7 days

issue commentslsa-framework/slsa

Easy way to view versioned SLSA

Definitely! Suggestions / pull requests on how to do this would be we welcome.

Also, we currently have two different versions: the version of the spec (levels + requirements) and the version of the provenance schema. So we probably won't version the entire website.

joshuagl

comment created time in 7 days