-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(publish): staff ship support --provenance
flag
#608
Comments
@ljharb apologies - was still flushing out the issue when you commented - this is a tracking issue for the team. What may be notable here is that this is likely to be a branch/pr for staff ship purposes. |
@steiza can you help us here what is the |
The Linux Foundation privacy statement isn't published yet. When it is, we'll definitely want to reference it, although I'm not sure we need to show it every time someone calls Here's the draft language that is likely to be similar to what the Linux Foundation will publish . And we're tracking the publishing on the Sigstore side at sigstore/community#192 |
What about the |
Maybe something along the lines of "support for this feature is not yet public"? To clarify, is this something we're thinking of adding to the npm CLI The private beta (targeting mid-January) is a different story - although for that we'll have a 1.x release of https://www.npmjs.com/package/sigstore and (I believe we agreed on!) then that the functionality would then be included in the npm CLI Does that make sense? Are there things I'm not thinking about here? |
@steiza this make sense |
Makes sense. I'll strike out that item and consider this task done. |
Summary
Support for the new build attestation generation/uploading when the
--provenance
flag is configured (ref. npm/rfcs#626).Exit Criteria
create warning this is experimentalThe text was updated successfully, but these errors were encountered: