Puerco

Links to today's announcements November Patch Releases: https://groups.google.com/u/1/g/kubernetes-dev/c/tYd54493zMw … https://groups.google.com/u/1/g/kubernetes-dev/c/M1z8c4OHTUg … https://groups.google.com/u/1/g/kubernetes-dev/c/pcB0-zszyzg … And v1.23.0-beta.0: https://groups.google.com/u/1/g/kubernetes-dev/c/7ySaSN8xVJc …

Thanks for all your help today cutting the releases! Shout out to @maria_fibonacci @theonlynabarun @onlydole @comedordexis @stephenaugustus @JimmAngel @LeonardPahlke and special thanks to @BenTheElder !

In the next few days, we plan to reach out to our wonderful friends in SIG Security to share our work and find areas where we can work together! (hi @TabbySable @IanColdwater @PuDiJoglekar @reylejano @coffeeartgirl et al!)

But more importantly: this prototype is simply proof that we are now at a point where we have the required data and code to plan towards the future, to the higher SLSA levels Our tools now build on each other. The provenance subjects are built from data in the SBOMs for exmpl

These are of course open for comments and suggestions. Let us know how we can improve the attestations. Some improvements are in the works/and or under discussion. Of note are digital signatures which are under discussion and will soon get an enhancement proposal of their own

Provenance attestations can now be downloaded for each release, they are in-toto statements with SLSA 0.1 predicates in them (v0.2 in the works!). To check out the provenance metadata, download the provenance.json file stored along the K8s source: https://dl.k8s.io/v1.22.4/provenance.json …

November @Kubernetesio patch releases are out! v1.20.13 - v1.21.7 - v1.22.4 These releases are the first to be cut with the complete prototype SLSA 1 compliance code that Release Engineering has been building into our release process for the last few months. Some notes