The Open Source Software Security Mobilization Plan

2022-05-13 Thread Larry Doolittle
Friends - Probably a lot of you already saw headlines pointing to a 51-page document released by the Linux Foundation and OpenSSF, titled The Open Source Software Security Mobilization Plan https://8112310.fs1.hubspotusercontent-na1.net/hubfs/8112310/OpenSSF/White%20House%20OSS%20Mobilization

Re: The Open Source Software Security Mobilization Plan

2022-05-25 Thread Chris Lamb
Hey Larry, > [..] Sorry for the delay in replying to this thread. I had accidentally misfiled this outside of my "reply to these emails" folder. Anyway, I hear your frustration that reproducible builds was not mentioned in this document. And I may also have smirked at the "Macintosh" in the file

Re: The Open Source Software Security Mobilization Plan

2022-05-25 Thread David A. Wheeler
On May 14, 2022, at 12:37 AM, Larry Doolittle wrote: > Probably a lot of you already saw headlines pointing to a 51-page document released by the Linux Foundation and OpenSSF, titled The Open Source Software Security Mobilization Plan https://8112310.fs1.hubspotusercontent-na1.net/hubfs/8112

Re: The Open Source Software Security Mobilization Plan

2022-05-26 Thread Santiago Torres Arias
On Wed, May 25, 2022 at 02:00:18PM +0100, Chris Lamb wrote: > Hey Larry, > > > [..] I am listed as a reviewer I believe. I pushed for a bunch of technologies (reprobuilds included, + in-toto and TUF) but I don't think I had much of a say what goes in, but rather what was technically wrong. I thi

Re: [Failed NYU Email Security Check] Re: The Open Source Software Security Mobilization Plan

2022-05-27 Thread Justin Cappos
It's a shame that the document wasn't more balanced. It seems like it is really pushing Sigstore, which, while not a bad project, doesn't have the success history of RB and the other projects you mentioned. It's insane to me that they aren't even mentioned while Sigstore is listed ~60+ times! Reading be