ossf / wg-supply-chain-integrity

Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
https://openssf.org
Apache License 2.0

Trusted Repo Security SIG Proposal #80

Open afmarcum opened 1 month ago

afmarcum commented 1 month ago

The Trusted Repository Security Initiative Task Force was created from roundtables at the Secure OSS Policy Summit in Washington D.C. in Sept. 2023 and would like to work as a SIG within the Supply Chain Integrity WG.

The proposal of the focus, intent, goals, and/or deliverables of the SIG is captured here.

Initial membership consists of @msilverman-fsisac, @AevaOnline and others, which meets the sandbox SIG requirements. Other interested parties include @jkjell and @hepwori.

The group is looking for the SCI WG to agree to be the governing body for the Trusted Repo Security SIG. If a vote is required, would the June 5, 2024 WG meeting provide enough time to review?

ddmiket commented 1 week ago

I would like to be added to the list of initial membership please. I helped edit the original proposal/goal document that led to this SIG.