Add model signing as a sandbox project #347
changing to draft as there needs to be some work regarding repo
d15ae89 to cdc03f9
I think the naming needs some work. First, the repo is called model_transparency but the proposed project name is "Model Signing". Then, looking into the repo README, it appears that model signing is only part of what's being done (i.e., Model Signing + SLSA). Finally, "Model Transparency" is actually a complex topic which is quite a bit broader than what this project aims to tackle. See The Foundation Model Transparency Index. So, while I'm not really sure what name should be used, I think this ought to be sorted out. We should find another name and rename the repo accordingly to get everything aligned.
Yes, the repo confusion is why I made this as a draft for now, apologies for the notifications. The sigstore/model_transparency repo and the SIG (to become project) repo should be different entities, since they had different histories. I'll update this PR with better naming and documentation, pending some external discussions.
Please get the names synchronized. The effort has merit, let's make sure it is clearly documented and communicated.
@mihaimaruseac Bumping this PR. Please let us know if/how the TAC can help the Project sort things out.
Sorry, got delayed with a bunch of other items and missed this one. Will do by the end of the week. Thank you for the nudge
fcd33f4 to 803e00d
Made it clearer that we have 2 separate repositories, under 2 separate organizations. The model signing SIG (to become project) under the AI/ML WG will have a repo under OpenSSF for the work regarding standardizations, efficiency, etc., but the technical signing work that is developed as part of sigstore/model-transparency will stay with Sigstore, since it encompasses more than what the SIG (to become project) aims to do. Force pushed an amended commit and marked the PR as ready for review. Apologies it took so long to do this.
803e00d to 1b68c71
LGTM
Great work!
Thanks for the updates @mihaimaruseac! I have a couple of suggestions related to making the scope of the project clearer, but otherwise, I think this application is almost ready to go.
process/project-lifecycle-documents/model_signing_sandbox_stage.md
1b68c71 to 7e0ad88
We have a working group that meets for model signing work, as part of ossf/ai-ml-security#10. Since this working group helps in developing https://github.com/sigstore/model-transparency and building standards around it, it needs to be officially a project, not a WG.

We add the project at a sandbox stage.

Please note that there are 2 repos involved here:

- https://github.com/sigstore/model-transparency which will be owned by Sigstore and is just the implementation work for the library for model signing
- a new repository to be created under https://github.com/ossf to represent standard documents, as outputs of this project

These two repositories should work in unison to achieve a common goal.

Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
7e0ad88 to 8f7b73a
Thank you for the reviews! Updated and rebased on latest
Thanks for the updates! LGTM.
We have a working group that meets for model signing work, as part of ossf/ai-ml-security#10. Since this working group helps in developing https://github.com/sigstore/model-transparency and building standards around it, it needs to be officially a project, not a WG.
We add the project at a sandbox stage.
Please note that there are 2 repos involved here:
These two repositories should work in unison to achieve a common goal.