You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think we can remove it. The caller is identical to the source option provided in the CLI, so that's redundant. The issuer likewise holds little information. It may be good to see which builder was used, but that can be a stderr print line like "Verified build using builder XYZ at commit SHA`.
We output the following by default:
Should we convert this to non-JSON logs or remove entirely?
@SantiagoTorres mentioned offline this is confusing because it's not intoto format.
I think we had this option at the beginning for testing purposes.
I know we expose intoto via the
--print-provenance
, but I'm wondering if the text above causes confusion and should be removed.@ianlewis @asraa @joshuagl
Wdut?
The text was updated successfully, but these errors were encountered: