Closed SecurityCRob closed 3 months ago
Should there be a requirement for a LICENSE.md file?
It wasn't changed in this pull request, but the project template has an existing section "IP policy and licensing due diligence"
What do we consider a "consistent release cadence" to be? I believe this needs to be less subjective. Are we thinking at least once a year? Every couple of years?
We may want to have them either point to a specific SLSA track in the framework, or point to the use of a different framework and justify why. If the desire is to use the SLSA framework, then the track used and adherence to the track should be discussed in previous stages. Consider feasibility stage and security requirements.
5 of 9 TAC members have approved. Merging.
Per the exemplar xls I shared with the TAC, here are the changes I feel need to be made to our template. Feedback/edits please.