From 6adf8bbb9dfe22dca9a02585dea8452de7d46b2f Mon Sep 17 00:00:00 2001
From: Evan Anderson <evan.k.anderson@gmail.com>
Date: Tue, 21 Jan 2025 13:42:42 -0800
Subject: [PATCH] Clarify that OSPS-AC-02 applies primarily to self-hosted
 solutions (#151)

* Move OSPS-AC-02 to level 3 based on level criteria

Signed-off-by: Evan Anderson <evan@stacklok.com>

* Apply funnelfiasco's suggested wording change

Signed-off-by: Evan Anderson <evan@stacklok.com>

* Update baseline/OSPS-AC.yaml

Co-authored-by: Eddie Knight <knight@linux.com>
Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com>

---------

Signed-off-by: Evan Anderson <evan@stacklok.com>
Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com>
Co-authored-by: Eddie Knight <knight@linux.com>
---
 baseline/OSPS-AC.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/baseline/OSPS-AC.yaml b/baseline/OSPS-AC.yaml
index 59b9784..f605b6d 100644
--- a/baseline/OSPS-AC.yaml
+++ b/baseline/OSPS-AC.yaml
@@ -50,8 +50,9 @@ criteria:
       the project's repository by limiting the
       permissions granted to collaborators.
     details: |
-      Configure the project's version control
-      system to assign the lowest available
+      Most public version control systems are configured
+      in this manner. Ensure the project's version control
+      system always assigns the lowest available
       permissions to collaborators by default when
       added, granting additional permissions only
       when necessary.