ossf / tac

Technical Advisory Council
https://openssf.org

Update PROJECT_NAME_sandbox_stage.md #274

Closed SecurityCRob closed 3 months ago

SecurityCRob commented 4 months ago

Per the exemplar xls I shared with the TAC, here are the changes I feel need to be made to our template. Feedback/edits please.

camaleon2016 commented 4 months ago

Should there be a requirement for a LICENSE.md file?

steiza commented 4 months ago

> Should there be a requirement for a LICENSE.md file?

It wasn't changed in this pull request, but the project template has an existing section "IP policy and licensing due diligence".

camaleon2016 commented 3 months ago

What do we consider a "consistent release cadence" to be? I believe this needs to be less subjective. Are we thinking at least once a year? Every couple of years?

camaleon2016 commented 3 months ago

We may want to have them either point to a specific SLSA track in the framework, or point to the use of a different framework and justify why. If the desire is to use the SLSA framework, then the track used and adherence to the track should be discussed in previous stages. Consider feasibility stage and security requirements.

SecurityCRob commented 3 months ago

5 of 9 TAC members have approved. Merging.