Major rework of chart_format.md

docs/design/provenance_proposal.md

+_Note: When a chart file is deployed, a [provenance file](#the-provenance-file) is generated for the chart. That file is not stored inside of the chart, but is considered part of the chart’s packaged format._
+
+Testing and provenancing attach badges to the Chart that attest to its quality and provenance. 
+
+### The Provenance File
+
+The provenance file contains a chart’s YAML file plus several pieces of verification information. Provenance files are designed to be automatically generated.
+
+
+The following pieces of provenance data are added:
+
+
+* The chart file (Chart.yaml) is included to give both humans and tools an easy view into the contents of the chart.
+* Every image file that the project references is checksummed (SHA-256?), and the sum included here. If two versions of the same image are used by the template, both checksums are included.
+* The signature (SHA-256) of the chart package (the .tgz file) is included, and may be used to verify the integrity of the chart package.
+* The entire body is signed using PGP (see [http://keybase.io] for an emerging way of making crypto signing and verification easy).
+
+
+The combination of this gives users the following assurances:
+
+
+* The images this chart references at build time are still the same exact version when installed (checksum images).
+   * This is distinct from asserting that the image Kubernetes is running is exactly the same version that a chart references. Kubernetes does not currently give us a way of verifying this.
+* The package itself has not been tampered with (checksum package tgz).
+* The entity who released this package is known (via the GPG/PGP signature).
+
+
+The format of the file is as follows:
+
+```
+-----BEGIN PGP SIGNED MESSAGE-----
+name: nginx
+description: The nginx web server as a replication controller and service pair.
+version: 0.5.1
+keywords:
+  - https
+  - http
+  - web server
+  - proxy
+source: https://github.com/foo/bar
+home: http://nginx.com
+depends:
+        kubernetes:
+                version: >= 1.0.0
+---
+files:
+        nginx-0.5.1.tgz: “sha256:9f5270f50fc842cfcb717f817e95178f”
+images:
+        “hub.docker.com/_/nginx:5.6.0”: “sha256:f732c04f585170ed3bc99”
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+
+iEYEARECAAYFAkjilUEACgQkB01zfu119ZnHuQCdGCcg2YxF3XFscJLS4lzHlvte
+WkQAmQGHuuoLEJuKhRNo+Wy7mhE7u1YG
+=eifq
+-----END PGP SIGNATURE-----
+```
+
+Note that the YAML section contains two documents (separated by ---\n). The first is the Chart.yaml. The second is the checksums, defined as follows.
+
+
+* Files: A map of filenames to SHA-256 checksums (value shown is fake/truncated)
+* Images: A map of image URLs to checksums (value shown is fake/truncated)
+
+
+The signature block is a standard PGP signature, which provides [tamper resistance](http://www.rossde.com/PGP/pgp_signatures.html).

docs/design/user_stories.md

+## Appendix A: User Stories for Charts
+
+Personas:
+
+- Operator: Responsible for running an application in production.
+- Chart Dev: Responsible for developing new charts
+- App Dev: Developer who creates applications that make use of existing charts, but does not create charts.
+
+
+Stories:
+
+- As an operator, I want a deployment that is 100% reproducible (exact versions)
+- As an app dev, I want to be able to search for charts using keys defined in the [chart file](#the-chart-file)...
+        * by keyword, where one app may have multiple keywords (e.g. Redis has storage, message queue)
+        * by name (meaning name of the chart), where name may be "fuzzy".
+        * by author
+        * by last updated date
+- As a chart dev, I want a well-defined set of practices to follow
+- As a chart dev, I want to be able to work with a team on the same chart
+- As a chart dev, I want to be able to indicate when a particular chart is stable, and how stable it is
+- As a chart dev, I want to indicate the role I played in building a chart
+- As a chart dev, I want to be able to use all of the low-level Kubernetes kinds
+- As an operator, I want to be able to determine how stable a package is
+- As an operator, I want to be able to determine what version of Kubernetes I need to run a chart
+- As an operator, I want to determine whether a chart requires extension kinds (e.g. DaemonSet or something custom), and determine this _before_ I try to install
+- As a chart dev, I want to be able to express that my chart depends on others, even to the extent that I specify the version or version range of the other chart upon which I depend
+- As a chart dev, I do not want to install additional tooling to write, test, or locally run a chart (this relates to the file format in that the format should not require additional tooling)
+- As a chart dev, I want to be able to store auxiliary files of arbitrary type inside of a chart (e.g. a PDF with documentation)
+- As a chart dev, I want to be able to store my chart in one repository, but reference a chart in another repository
+- As a chart dev, I want to embed my template inside of the code that it references. For example, I want to have the code to build a docker image and the chart to all live in the same source code repository.
+
+
+

docs/workflow/team-workflows.md

@@ -16,7 +16,7 @@ against other workflows.
 
 ### Helm Official
 
-The _Helm Official_ project focuses on maintaining a repository of high-quality production-ready charts. Charts may be contributed by anyone in the broad community, and they are vetted and maintained by the Helm Official core contributors.
+The _Helm Official_ project focuses on maintaining a repository of high-quality production-ready charts. Charts may be contributed by anyone in the broad community, and they are vetted and maintained by the charts-maintainers team in the Github Kubernetes organization.
 
 Stage | Devel | Review | Release | Store | Use
 ------|-------|--------|---------|-------|-----