From de55d755952e8a38927aed4e3bdc74bf80b9169e Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Tue, 5 Nov 2024 12:14:32 -0800 Subject: [PATCH] Import sigrev draft from scrutinize --- README.md => docs/spec.md | 63 ++++++++++++--------------------------- 1 file changed, 19 insertions(+), 44 deletions(-) rename README.md => docs/spec.md (57%) diff --git a/README.md b/docs/spec.md similarity index 57% rename from README.md rename to docs/spec.md index 1c69c18..4d855ac 100644 --- a/README.md +++ b/docs/spec.md @@ -1,12 +1,10 @@ -# Scrutinize Spec +# SigRev Spec [DRAFT] -April 24, 2024 - -Version: 0.1 +Version: 0.0 ## Table of Contents -- [Scruitinize Specification](#scrutinize-spec) +- [SigRev Specification](#SigRev-spec) - [Table of Contents](#table-of-contents) - [1 Introduction](#1-introduction) @@ -14,9 +12,15 @@ Version: 0.1 ## 1.1 Scope -This document describes scrutinize, a system for securing the way software is -reviewed. scrutinize attests that software has been independently reviewed. It -does so by providing users an interface +This document describes the SigRev specification. A sigrev is a signed document +in an specified format attesting to the either human or automated review of +repositories of code in a software supply chain. + +It is intended to be agnostic to any particular VCS or code distribution +method, however references to such systems where available will be defined +as possible to assist in making it easier for people to find reviews via +a range of distribution and search tools and databases which are out of scope +for this document. VCS Support @@ -24,7 +28,6 @@ VCS Support * Mercurial -- `hg+` * Subversion -- `svn+` - ## Format | Field Name | Decription | Required | 
@@ -47,11 +50,11 @@ VCS Support ``` version: 0.1 -reviewer: Danny Grove -treehash: 9cc0641a294d3ee359ae474aef1a9a6a6657aeb2 +reviewer: John Doe +treehash: 9cc0641a294d3ee359ae474aef1a9a6a6657aeb2 paths: -- ./* -vcs-ref: git+https://github.com/drGrove/mtls-cli +- ./* +vcs-ref: git+https://reposite.com/example-user/example-repo type: "security", confidence: "high" system: @@ -65,39 +68,11 @@ comments: | ``` version: 0.1 -reviewer: Github Action +reviewer: Reproduction Bot treehash: a5fc98c3950d7bb6bf083d5e7c08a91ffef990af paths: -- ./* -vcs-ref: git+https://git.distrust.co/public/enclaveos -type: "reproducibility", -confidence: "high" -system: - platform: amd64 - location: "GHA" # Github Actions, if you're using self-hosted runners use the runners code. e.g. AWS:us-west-2 -``` - -``` -version: 0.1 -reviewer: Danny Grove -treehash: a5fc98c3950d7bb6bf083d5e7c08a91ffef990af -paths: -- ./* -vcs-ref: git+https://git.distrust.co/public/enclaveos -type: "reproducibility", -confidence: "high" -system: - platform: amd64 - location: "AWS:us-east-1" -``` - -``` -version: 0.1 -reviewer: Danny Grove -treehash: a5fc98c3950d7bb6bf083d5e7c08a91ffef990af -paths: -- ./* -vcs-ref: git+https://git.distrust.co/public/enclaveos +- ./* +vcs-ref: git+https://example.com/public/some-repo type: "reproducibility", confidence: "high" system:
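Review bot: in the first hunk (`@@ -1,12 +1,10 @@`) the table-of-contents link `[SigRev Specification](#SigRev-spec)` will not resolve: GitHub-style renderers slug the new heading `# SigRev Spec [DRAFT]` to lowercase with the bracketed tag folded in (`#sigrev-spec-draft`), and fragment identifiers are case-sensitive, so either use that slug or keep `[DRAFT]` out of the heading. The version also moves backwards from `Version: 0.1` to `Version: 0.0` while every example document later in the file still begins with `version: 0.1`; if the field is meant to name the spec version the document conforms to, the examples should say `0.0`, otherwise the spec text should state what the field does refer to.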
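Review bot: the new Scope paragraph in the second hunk (`@@ -14,9 +12,15 @@`) has two grammar slips and one run-on: "in an specified format" should read "in a specified format", "attesting to the either human or automated review of" should read "attesting to either human or automated review of", and the sentence beginning "It is intended to be agnostic" runs for five lines and would read better split after "distribution method". The hunk also deletes the blank line between `* Subversion -- `svn+`` and `## Format`; restore it so the list and heading are separated as in the rest of the file. While in this region, the unchanged table header `| Field Name | Decription | Required |` misspells "Description".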
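Review bot: in the third hunk (`@@ -47,11 +50,11 @@`) the replacement `vcs-ref: git+https://reposite.com/example-user/example-repo` points at a domain that is not reserved for documentation, unlike the `example.com` used in the reproducibility example later in the same patch; use the reserved domain in both places so the examples stay consistent and never resolve to a live host. The `treehash:` and `- ./*` lines appear to change only in trailing whitespace, which is fine but worth saying in the commit message. Separately, if these documents are meant to parse as YAML, as the `paths:` sequence and nested `system:` map suggest, the unchanged `type: "security",` and `confidence: "high"` lines mix a trailing comma into block-style mappings, which a YAML parser rejects after a quoted scalar; drop the comma or state that the examples are illustrative rather than parseable.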
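Review bot: the fourth hunk (`@@ -65,39 +68,11 @@`) collapses three reproducibility examples into one, and with them goes the only illustration of the reproducibility use case: the same `treehash: a5fc98c3950d7bb6bf083d5e7c08a91ffef990af` attested by different reviewers from different `location` values (`"GHA"` and `"AWS:us-east-1"`). Keep at least two of them so a reader sees how independent reproductions of one tree are compared, and keep the deleted `location:` comment about naming self-hosted runners (`e.g. AWS:us-west-2`), since nothing else in this diff defines the field's allowed values. Also, the Scope paragraph now calls a sigrev "a signed document", yet none of the remaining examples shows a signature field, key identifier, or envelope; the Format section should say how the signature is carried (embedded field or detached signature) before the examples can be called signed.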