How SIG Release Cooks Trustworthy Artifacts From Raw Source Code

Have you ever wondered how the Kubernetes source code is turned into artifacts for everyone to use? How do you know you can trust those artifacts? Have you heard about signing things and you're not sure how that fits in with Kubernetes? In this Kubernetes Special Interest Group (SIG) Release update, we will give a quick overview of SIG Release, highlight recent accomplishments, review our updated roadmap and discuss our continued efforts to move toward full SLSA (Supply-chain Levels for Software Artifacts) compliance. As part of this, we will deep dive into efforts to move all aspects of the build process and distribution to community controlled infrastructure and our efforts to expand artifact signing beyond just containers. Finally, we’ll talk about how attendees can become involved in SIG Release. These efforts are exciting and important, but we need your help! We’ll discuss how to contribute to SIG Release tooling, the Release Manager role, and discuss our contributor ladder.