nonspec: Split Tracks out of the Draft specification into separate specs

docs/_data/nav/main.yml

@@ -8,17 +8,17 @@
   url: /current-activities
   description: What the SLSA community is currently working on
 
-- title: SLSA Specification 1.1 Draft
+- title: SLSA 1.1 Draft
   description: >
-    These pages describe SLSA's security levels and requirements for each track.
+    This section describes SLSA's security levels and requirements for each track.
     If you want to achieve SLSA a particular level, these are the requirements
     you'll need to meet.
   url: /spec/v1.1/
   children:
 
   - title: Understanding SLSA
     description: >
-      These pages provide an overview of SLSA, how it helps protect against common
+      This section provides an overview of SLSA, how it helps protect against common
       supply chain attacks, and common use cases. If you're new to SLSA or
       supply chain security, start here.
     children:
@@ -53,7 +53,7 @@
 
   - title: Core specification
     description: >
-      These pages describe SLSA's security levels and requirements for each track.
+      This section describes SLSA's security levels and requirements for each track.
       If you want to achieve SLSA a particular level, these are the requirements
       you'll need to meet.
     children:
@@ -88,7 +88,7 @@
 
   - title: Attestation formats
     description: >
-      These pages include the concrete schemas for SLSA attestations. The
+      This section includes the concrete schemas for SLSA attestations. The
       Provenance and VSA formats are recommended, but not required by the
       specification.
     children:
@@ -109,17 +109,17 @@
     url: /spec/v1.1/onepage
     skip_next_prev: true  # don't show as a next/prev link
 
-- title: SLSA Specification 1.0
+- title: SLSA 1.0
   description: >
-    These pages describe SLSA's security levels and requirements for each track.
+    This section describes SLSA's security levels and requirements for each track.
     If you want to achieve SLSA a particular level, these are the requirements
     you'll need to meet.
   url: /spec/v1.0/
   children:
 
   - title: Understanding SLSA
     description: >
-      These pages provide an overview of SLSA, how it helps protect against common
+      This section provides an overview of SLSA, how it helps protect against common
       supply chain attacks, and common use cases. If you're new to SLSA or
       supply chain security, start here.
     children:
@@ -154,7 +154,7 @@
 
   - title: Core specification
     description: >
-      These pages describe SLSA's security levels and requirements for each track.
+      This section describes SLSA's security levels and requirements for each track.
       If you want to achieve SLSA a particular level, these are the requirements
       you'll need to meet.
     children:
@@ -189,7 +189,7 @@
 
   - title: Attestation formats
     description: >
-      These pages include the concrete schemas for SLSA attestations. The
+      This section includes the concrete schemas for SLSA attestations. The
       Provenance and VSA formats are recommended, but not required by the
       specification.
     children:
@@ -210,13 +210,13 @@
     url: /spec/v1.0/onepage
     skip_next_prev: true  # don't show as a next/prev link
 
-- title: SLSA Working Draft
+- title: SLSA Draft
   url: /spec/draft/
   children:
 
   - title: Understanding SLSA
     description: >
-      These pages provide an overview of SLSA, how it helps protect against common
+      This section provides an overview of SLSA, how it helps protect against common
       supply chain attacks, and common use cases. If you're new to SLSA or
       supply chain security, start here.
     children:
@@ -251,50 +251,25 @@
 
   - title: Core specification
     description: >
-      These pages describe SLSA's security levels and requirements for each track.
-      If you want to achieve SLSA a particular level, these are the requirements
+      This section describes SLSA's security levels and requirements for each track.
+      If you want to achieve a particular SLSA level, these are the requirements
       you'll need to meet.
     children:
 
     - title: Terminology
       url: /spec/draft/terminology
       description: Terminology and model used by SLSA
 
-    - title: Security levels
+    - title: Security levels and tracks
       url: /spec/draft/levels
       description: Overview of SLSA's tracks and levels, intended for all audiences
-
-    - title: Producing artifacts
-      url: /spec/draft/requirements
-      description: Detailed technical requirements for producing software artifacts, intended for platform implementers
-
-    - title: Distributing provenance
-      url: /spec/draft/distributing-provenance
-      description: Detailed technical requirements for distributing provenance, intended for platform implementers and software distributors
-
-    - title: Verifying artifacts
-      url: /spec/draft/verifying-artifacts
-      description: Guidance for verifying software artifacts and their SLSA provenance, intended for platform implementers and software consumers
-
-    - title: Verifying build platforms
-      url: /spec/draft/verifying-systems
-      description: Guidelines for securing SLSA Build L3+ builders, intended for platform implementers
-
-    - title: Integrity levels for attested build environments
-      url: /spec/draft/attested-build-env-levels
-      description: Overview of SLSA's Attested Build Environment track, intended for all audiences
-
     - title: Threats & mitigations
       url: /spec/draft/threats
       description: Detailed information about specific supply chain attacks and how SLSA helps
 
-    - title: Securing Source Code
-      url: /spec/draft/source-requirements
-      description: Overview of the Source track
-
   - title: Attestation formats
     description: >
-      These pages include the concrete schemas for SLSA attestations. The
+      This section includes the concrete schemas for SLSA attestations. The
       Provenance and VSA formats are recommended, but not required by the
       specification.
     children:
@@ -315,6 +290,48 @@
     url: /spec/draft/onepage
     skip_next_prev: true  # don't show as a next/prev link
 
+- title: Build Track 1.0
+  url: /build/v1.0/
+  children:
+
+  - title: Terminology
+    url: /build/v1.0/terminology
+    description: Terminology and model used by SLSA
+
+  - title: Security levels
+    url: /build/v1.0/levels
+    description: Overview of SLSA Build track levels, intended for all audiences
+  - title: Producing artifacts
+    url: /build/v1.0/requirements
+    description: Detailed technical requirements for producing software artifacts, intended for platform implementers
+
+  - title: Distributing provenance
+    url: /build/v1.0/distributing-provenance
+    description: Detailed technical requirements for distributing provenance, intended for platform implementers and software distributors
+
+  - title: Verifying artifacts
+    url: /build/v1.0/verifying-artifacts
+    description: Guidance for verifying software artifacts and their SLSA provenance, intended for platform implementers and software consumers
+
+  - title: Verifying build platforms
+    url: /build/v1.0/verifying-systems
+    description: Guidelines for securing SLSA Build L3+ builders, intended for platform implementers
+
+- title: Source Track Draft
+  url: /source/draft/
+  children:
+
+  - title: Securing Source Code
+    url: /source/draft/source-requirements
+    description: Source track requirements
+
+  - title: Verifying source
+    url: /source/draft/verifying-source
+    description: Guidance for verifying properties of source revisions using SLSA source provenance attestations
+
+- title: Build Env. Track Draft
+  url: /build-env/draft/
+
 - title: How to SLSA
   description: >
     These instructions tell you how to apply the core SLSA specification to use

docs/_redirects

@@ -55,9 +55,11 @@
 /provenance/v1.1        /spec/v1.1/provenance       301
 /provenance/draft       /spec/draft/provenance      301
 
-/spec                   /spec/v1.0              302
-/spec/faq               /spec/v1.0/faq          302
-/spec/v1/*              /spec/v1.0/:splat       302
+/spec                   /spec/v1.0                  302
+/spec/faq               /spec/v1.0/faq              302
+/spec/v1/*              /spec/v1.0/:splat           302
+/spec/current-activities /current-activities        301 # permanent
+/spec/v1.1/current-activities /current-activities   301 # permanent
 
 # Note: Versions prior to v1.0 stay in /verification_summary.
 /verification_summary           /spec/v1.0/verification_summary     302  # floating

docs/spec/draft/attested-build-env-levels.md → docs/build-env/draft/index.md

@@ -1,8 +1,17 @@
 ---
-title: Build Environment track
-description: This page gives an overview of the SLSA Build Environment track and its levels, describing their security objectives and general requirements.
+title: Build Environment Track
+description: The SLSA Build Environment track specification.
+layout: specifications
 ---
 
+{{ page.description }}
+
+SLSA is organized into a series of levels and tracks that provide increasing
+supply chain security guarantees on various aspects of the supply chain
+security. This specification defines the different security levels of the *SLSA
+Build Environment track*. For a general overview see the different [tracks and
+levels].
+
 ## Rationale
 
 Today's hosted [build platforms] play a central role in an artifact's supply
@@ -36,14 +45,14 @@ environment, and the compute platform they used.
 | [BuildEnv L2] | Attested build environment instantiation | Tampering via the build platform's control plane | The compute platform's host interface
 | [BuildEnv L3] | Hardware-attested build environment | Tampering via the compute platform's host interface | The compute platform's hardware
 
-> :warning:
-> The Build Environment track L1+ currently requires a [hosted] build platform.
-> A future version of this track may generalize requirements to cover bare-metal
-> build environments.
+**Warning**:
+The Build Environment track L1+ currently requires a [hosted] build platform.
+A future version of this track may generalize requirements to cover bare-metal
+build environments.
 
-> :grey_exclamation:
-> We may consider the addition of an L4 to the Build Environment track, which
-> covers hardware-attested runtime integrity checking during a build.
+**Note**:
+We may consider the addition of an L4 to the Build Environment track, which
+covers hardware-attested runtime integrity checking during a build.
 
 ### Build environment threats
 
@@ -285,32 +294,33 @@ TODO
 
 <!-- Link definitions -->
 
-[Build L1]: levels.md#build-l1
-[Build L2]: levels.md#build-l2
-[Build L3]: levels.md#build-l3
+[tracks and levels]: ../../spec/draft/levels
+[Build L1]: ../../build/v1.0/levels#build-l1
+[Build L2]: ../../build/v1.0/levels#build-l2
+[Build L3]: ../../build/v1.0/levels#build-l3
 [BuildEnv L0]: #buildenv-l0
 [BuildEnv L1]: #buildenv-l1
 [BuildEnv L2]: #buildenv-l2
 [BuildEnv L3]: #buildenv-l3
 [Release Attestation]: https://github.com/in-toto/attestation/blob/main/spec/predicates/release.md
 [SCAI]: https://github.com/in-toto/attestation/blob/main/spec/predicates/scai.md
 [Secure Boot]: https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot.3F
-[SLSA Build Provenance]: provenance.md
+[SLSA Build Provenance]: ../../spec/draft/provenance.md
 [TPM]: https://trustedcomputinggroup.org/resource/tpm-library-specification/
-[VSA]: verification_summary.md
-[build image]: terminology.md#build-image
+[VSA]: ../../spec/draft/verification_summary.md
+[build image]: ../../build/v1.0/terminology#build-image
 [confidential computing]: https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/Common-Terminology-for-Confidential-Computing.pdf
-[execution context]: terminology.md#build-environment
-[hosted]: requirements.md#isolation-strength
-[boot process]:  terminology.md#boot-process
-[build agent]: terminology.md#build-agent
-[build image producer]: terminology.md#build-image-producer
-[build platforms]: terminology.md#platform
-[compute platform]: terminology.md#compute-platform
-[host interface]: terminology.md#host-interface
-[measurement]: terminology.md#measurement
-[provenance]: terminology.md#provenance
-[quote]: terminology.md#quote
-[reference values]: terminology.md#reference-value
+[execution context]: ../../build/v1.0/terminology#build-environment
+[hosted]: ../../build/v1.0/requirements#isolation-strength
+[boot process]:  ../../build/v1.0/terminology#boot-process
+[build agent]: ../../build/v1.0/terminology#build-agent
+[build image producer]: ../../build/v1.0/terminology#build-image-producer
+[build platforms]: ../../build/v1.0/terminology#platform
+[compute platform]: ../../build/v1.0/terminology#compute-platform
+[host interface]: ../../build/v1.0/terminology#host-interface
+[measurement]: ../../build/v1.0/terminology#measurement
+[provenance]: ../../build/v1.0/terminology#provenance
+[quote]: ../../build/v1.0/terminology#quote
+[reference values]: ../../build/v1.0/terminology#reference-value
 [several classes]: #build-environment-threats
 [vTPM]: https://trustedcomputinggroup.org/about/what-is-a-virtual-trusted-platform-module-vtpm/

docs/spec/draft/distributing-provenance.md → docs/build/v1.0/distributing-provenance.md

@@ -1,6 +1,7 @@
 ---
 title: Distributing provenance
 description: This page covers the detailed technical requirements for distributing provenance at each SLSA level. The intended audience is platform implementers and software distributors.
+layout: specifications
 ---
 
 In order to make provenance for artifacts available after generation

docs/build/v1.0/index.md

@@ -0,0 +1,33 @@
+---
+title: Build Track
+description: The SLSA Build track specification version 1.0.
+layout: specifications
+---
+
+{{ page.description }}
+
+SLSA is organized into a series of levels and tracks that provide increasing
+supply chain security guarantees on various aspects of the supply chain
+security. This specification defines the different security levels of the *SLSA
+Build track*. For a general overview see the different [tracks and levels].
+
+{%- for section in site.data.nav.main %}
+{%- if section.url == page.url and section.children %}
+
+{{ section.description }}
+
+<!-- markdownlint-capture -->
+<!-- markdownlint-disable MD055 MD056 -->
+| Page | Description
+| ---- | -----------
+{%- for child in section.children %}
+| [{{child.title}}]({{child.url | relative_url}}) | {{child.description}}
+{%- endfor %}
+<!-- markdownlint-restore -->
+
+{%- endif %}
+{%- endfor %}
+
+<!-- Link definitions -->
+
+[tracks and levels]: ../../spec/draft/levels