nonspec: Create dedicated current activities page

docs/_data/nav/draft.yml

@@ -4,6 +4,10 @@
 - title: Overview
   url: /spec/draft/
 
+- title: Current activities
+  url: /current-activities
+  description: What the SLSA community is currently working on
+
 - title: Understanding SLSA
   description: >
     These pages provide an overview of SLSA, how it helps protect against common

docs/_data/nav/v1.0.yml

@@ -4,6 +4,10 @@
 - title: Overview
   url: /spec/v1.0/
 
+- title: Current activities
+  url: /current-activities
+  description: What the SLSA community is currently working on
+
 - title: Understanding SLSA
   description: >
     These pages provide an overview of SLSA, how it helps protect against common

docs/_data/nav/v1.1.yml

@@ -4,6 +4,10 @@
 - title: Overview
   url: /spec/v1.1/
 
+- title: Current activities
+  url: /current-activities
+  description: What the SLSA community is currently working on
+
 - title: Understanding SLSA
   description: >
     These pages provide an overview of SLSA, how it helps protect against common

docs/community.md

@@ -67,28 +67,6 @@ developing tooling, we welcome your contributions.
         </div>
     </div>
 </section>
-<section class="section bg-green-dark flex justify-center items-center">
-    <div class="wrapper inner w-full">
-        <div class="md:flex justify-between items-start text-white">
-            <div class="text w-full md:w-1/3">
-<div class="h2 p-0 -mt-16 mb-8 md:mb-0">
-
-## Project status
-
-</div>
-            </div>
-            <div class="w-full md:w-1/2">
-                <div class="rounded-lg text-green p-5 border border-green-400 inline-block mb-8 h4">SLSA v1.0 is available now!</div>
-                <p>
-                <a href="spec/v1.0/">SLSA v1.0</a> is now available, released in April 2023.
-                We expect the specification to remain stable, with future versions expanding its breadth and depth.
-                For more information about this release, see <a href="/spec/v1.0/whats-new">What's new in v1.0</a>.
-                <br><br>
-Google has been using an internal version of SLSA since 2013 and requires it for all of their production workloads.</p>
-            </div>
-        </div>
-    </div>
-</section>
 <section class="section bg-pastel-green">
     <div class="wrapper inner w-full">
         <div class="flex flex-col justify-center items-center mb-8 w-2/3 mx-auto md:pl-5">

docs/current-activities.md

@@ -0,0 +1,42 @@
+---
+title: Current activities
+description: There's an active community of members, contributors and collaborators working to enhance the SLSA specification with updates to existing and new tracks. This page provides a summary of current ongoing activities.
+layout: standard
+---
+
+Since the release of <a href="spec/v1.0/">SLSA v1.0</a> in 2023,
+the SLSA community has been hard at work to expand the breadth
+and depth of the specification with updates and new tracks.
+
+Learn how you can [get involved](/community#get-involved)!
+
+### Source track
+
+A Source track will provide protection against tampering of the source code
+prior to the build.
+
+The current [draft version](/spec/draft/source-requirements.md) describes levels
+of increasing tamper resistance and ways consumers might verify properties
+of source revisions using SLSA source provenance attestations.
+
+### Build Environment track
+
+The goal of a Build Environment track is to enable the detection of tampering
+with core components of the compute environment executing builds.
+
+The current [draft version](/spec/draft/attested-build-env-levels.md)
+of the Build Environment track includes the following requirements:
+
+-   Generation and verification of SLSA Build Provenance for build images.
+-   Validation of initial build environment system state against known good
+    reference values.
+-   Deployment of the hosted build platform on a compute system that supports
+    system state measurement and attestation capabilities at the hardware level.
+
+These requirements are **subject to significant change** while this track
+is in draft.
+
+### Dependency track
+
+Building upon the foundation laid by [S2C2F](https://openssf.org/projects/s2c2f/), the depedency track defines
+requirements for consuming dependencies.

docs/index.md

@@ -205,16 +205,21 @@ testimonials:
 </section>
 <section class="section bg-green-dark flex justify-center items-center">
     <div class="wrapper inner w-full">
-        <div class="flex flex-wrap justify-between items-start text-white">
+        <div class="md:flex justify-between items-start text-white">
             <div class="text w-full md:w-1/3">
-                <p class="h2 p-0">Project status</p>
+<div class="h2 p-0 -mt-16 mb-8 md:mb-0">
+
+## Project status
+
+</div>
             </div>
             <div class="w-full md:w-1/2">
-                <div class="rounded-lg text-green p-5 border border-green-400 inline-block mt-8 md:mt-0 mb-8 h4 font-semibold">SLSA v1.0 is available now!</div>
+                <div class="rounded-lg text-green p-5 border border-green-400 inline-block mb-8 h4">SLSA v1.0 is available now!</div>
                 <p>
-                <a href="spec/v1.0/">SLSA v1.0</a> is now available, released in April 2023.
-                We expect the specification to remain stable, with future versions expanding its breadth and depth.
-                For more information about this release, see <a href="/spec/v1.0/whats-new">What's new in v1.0</a>.
+                The community has been hard at work since the release of
+                <a href="spec/v1.0/">SLSA v1.0</a> in 2023 to expand the breadth
+                and depth of the specification with updates and new tracks.
+                For more information, see our <a href="/spec/current-activities">current activities</a> page!
                 <br><br>
 Google has been using an internal version of SLSA since 2013 and requires it for all of their production workloads.</p>
             </div>

docs/spec/draft/future-directions.md

@@ -32,40 +32,6 @@ following requirements, which **may or may not** be part of a future Build L4:
 
 </section>
 
-<section id="source-track">
-
-## Source track
-
-A Source track will provide protection against tampering of the source code
-prior to the build.
-
-The current [draft version (v1.1)](source-requirements.md) describes levels
-of increasing tamper resistance and ways consumers might verify properties
-of source revisions using SLSA source provenance attestations.
-
-</section>
-
-<section id="buildenv-track">
-
-## Build Environment track
-
-The goal of a Build Environment track is to enable the detection of tampering
-with core components of the compute environment executing builds.
-
-The current [draft version](../draft/attested-build-env-levels.md)
-of the Build Environment track includes the following requirements:
-
--   Generation and verification of SLSA Build Provenance for build images.
--   Validation of initial build environment system state against known good
-    reference values.
--   Deployment of the hosted build platform on a compute system that supports
-    system state measurement and attestation capabilities at the hardware level.
-
-These requirements are **subject to significant change** while this track
-is in draft.
-
-</section>
-
 <section id="build-platform-operations-track">
 
 ## Build Platform Operations track

docs/spec/draft/onepage.md

@@ -8,6 +8,6 @@ A single page containing all the following files as different sections
 {%- endcomment -%}
 
 {% assign dir = "/spec/draft/" %}
-{% assign filenames = "whats-new,about,threats-overview,use-cases,principles,faq,future-directions,terminology,levels,requirements,distributing-provenance,verifying-systems,verifying-artifacts,threats,source-requirements,provenance,verification_summary" %}
+{% assign filenames = "whats-new,about,current-activities,threats-overview,use-cases,principles,faq,future-directions,terminology,levels,requirements,distributing-provenance,verifying-systems,verifying-artifacts,threats,source-requirements,provenance,verification_summary" %}
 
 {% include onepage.liquid dir=dir filenames=filenames %}

docs/spec/draft/threats.md

@@ -57,7 +57,7 @@ This includes the threat of an authorized individual introducing an unauthorized
 change---in other words, an insider threat.
 
 SLSA v1.0 does not address source threats, but we anticipate doing so in a
-[future version](future-directions.md#source-track). In the meantime, the
+[future version](current-activities.md#source-track). In the meantime, the
 threats and potential mitigations listed here show how SLSA v1.0 can fit into a
 broader supply chain security program.
 
@@ -886,7 +886,7 @@ output artifact.
 including OS images, as any other artifact to be verified prior to use.
 The threats described in this document apply recursively to build tooling
 as do the mitigations and examples.  A future
-[Build Environment track](future-directions#build-environment-track) may
+[Build Environment track](current-activities#build-environment-track) may
 provide more comprehensive guidance on how to address more specfiic
 aspects of this threat.
 

docs/spec/v1.0/onepage.md

@@ -8,6 +8,6 @@ A single page containing all the following files as different sections
 {%- endcomment -%}
 
 {% assign dir = "/spec/v1.0/" %}
-{% assign filenames = "whats-new,about,threats-overview,use-cases,principles,faq,future-directions,terminology,levels,requirements,distributing-provenance,verifying-systems,verifying-artifacts,threats,provenance,verification_summary" %}
+{% assign filenames = "whats-new,about,current-activities,threats-overview,use-cases,principles,faq,future-directions,terminology,levels,requirements,distributing-provenance,verifying-systems,verifying-artifacts,threats,provenance,verification_summary" %}
 
 {% include onepage.liquid dir=dir filenames=filenames %}

docs/spec/v1.1/future-directions.md

@@ -32,27 +32,6 @@ following requirements, which **may or may not** be part of a future Build L4:
 
 </section>
 
-<section id="source-track">
-
-## Source track
-
-A Source track could provide protection against tampering of the source code
-prior to the build.
-
-The initial [draft version (v0.1)](../v0.1/requirements.md#source-requirements)
-of SLSA included the following source requirements, which **may or may not**
-form the basis for a future Source track:
-
--   Strong authentication of author and reviewer identities, such as 2-factor
-    authentication using a hardware security key, to resist account and
-    credential compromise.
--   Retention of the source code to allow for after-the-fact inspection and
-    future rebuilds.
--   Mandatory two-person review of all changes to the source to prevent a single
-    compromised actor or account from introducing malicious changes.
-
-</section>
-
 <section id="build-platform-operations-track">
 
 ## Build Platform Operations track

docs/spec/v1.1/onepage.md

@@ -8,6 +8,6 @@ A single page containing all the following files as different sections
 {%- endcomment -%}
 
 {% assign dir = "/spec/v1.1/" %}
-{% assign filenames = "whats-new,about,threats-overview,use-cases,principles,faq,future-directions,terminology,levels,requirements,distributing-provenance,verifying-systems,verifying-artifacts,threats,provenance,verification_summary" %}
+{% assign filenames = "whats-new,about,current-activities,threats-overview,use-cases,principles,faq,future-directions,terminology,levels,requirements,distributing-provenance,verifying-systems,verifying-artifacts,threats,provenance,verification_summary" %}
 
 {% include onepage.liquid dir=dir filenames=filenames %}

docs/spec/v1.1/threats.md

@@ -64,7 +64,7 @@ This includes the threat of an authorized individual introducing an unauthorized
 change---in other words, an insider threat.
 
 SLSA v1.0 does not address source threats, but we anticipate doing so in a
-[future version](future-directions.md#source-track). In the meantime, the
+[future version](current-activities.md#source-track). In the meantime, the
 threats and potential mitigations listed here show how SLSA v1.0 can fit into a
 broader supply chain security program.