You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In the predecessor of AI-controlled CI/CD, understanding provenance as a possible supply chain element is complex. The open source operating system Photon OS uses more than a thousand subcomponents from open source providers. And, the open source license statement usually is static, but from time to time vendors change their license statement or their supply chain elements.
The Photon OS make-build process consists of three phases. Level 1 consists of 16 packages, Level 2 consists of 124 packages, and Level 3 consists of all other packages. The number varies from Photon OS release to Photon OS release, however, in general, the provenance changes of level 3 packages are not continuously monitored and used downstream.
DM me. I would like to discuss some 2025 contribution tasks.
Describe the solution you'd like
Introducing continuous provenance chaining could result in a statistics website with a list per CPU architecture of Photon OS releases, flavors and packages with their license declaration per package version and the provenance changes of level packages that have been detected or have already been tested but not yet integrated, or deprecated and replaced with another component.
Describe alternatives you've considered
The following excel sheets (excel is a database...) have been populated with the old meccano and only contain the topicality data without provenance license data and without package dependencies.
Is your feature request related to a problem? Please describe.
In the predecessor of AI-controlled CI/CD, understanding provenance as a possible supply chain element is complex. The open source operating system Photon OS uses more than a thousand subcomponents from open source providers. And, the open source license statement usually is static, but from time to time vendors change their license statement or their supply chain elements.
The Photon OS make-build process consists of three phases. Level 1 consists of 16 packages, Level 2 consists of 124 packages, and Level 3 consists of all other packages. The number varies from Photon OS release to Photon OS release, however, in general, the provenance changes of level 3 packages are not continuously monitored and used downstream.
DM me. I would like to discuss some 2025 contribution tasks.
Describe the solution you'd like
Introducing continuous provenance chaining could result in a statistics website with a list per CPU architecture of Photon OS releases, flavors and packages with their license declaration per package version and the provenance changes of level packages that have been detected or have already been tested but not yet integrated, or deprecated and replaced with another component.
Describe alternatives you've considered
The following excel sheets (excel is a database...) have been populated with the old meccano and only contain the topicality data without provenance license data and without package dependencies.
photonos-urlhealth-3.0_202412282238.prn.xlsx
photonos-urlhealth-4.0_202412282351.prn.xlsx
photonos-urlhealth-5.0_202412290126.prn.xlsx
photonos-urlhealth-6.0_202412290239.prn.xlsx
photonos-diff-report-3.0-4.0_202412290355.prn.xlsx
photonos-diff-report-4.0-5.0_202412290355.prn.xlsx
photonos-diff-report-5.0-6.0_202412290355.prn.xlsx
photonos-package-report_202412290355.prn.xlsx
Additional context
No response
The text was updated successfully, but these errors were encountered: