Home

Awesome

wg-securing-software-repos

OpenSSF Working Group on Securing Software Repositories

Motivation

This working group is for and focuses on the maintainers of software repositories, software registries, and tools which rely on them, at various levels including system, language, plugin, extensions and container systems. It provides a forum to share experiences and to discuss shared problems, risks and threats.

Objective

The working group may create:

Antigoals

Published work

See also https://repos.openssf.org/

Projects

NameRepository/Home PageNotesStatus
Repository Service for TUFhttps://github.com/repository-service-tuf/repository-service-tufMeeting NotesSandbox

Governance

The CHARTER.md outlines the scope and governance of our group activities, as well as the maintainers of this repository.

This group is co-chaired by Dustin Ingram and Zach Steindler.

Communication

Meeting times

Zoom every other Wednesday, alternating between EMEA (13:00 UTC) and APAC-friendly times (22:00 UTC).

The meeting invite is available on the public OSSF calendar.

Meeting Notes

Meeting notes are maintained in a Google Doc. If attending please add your name, and if a returning attendee, please change the color of your name from gray to black.

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Intellectual Property

In accordance with the OpenSSF Charter (PDF), work produced by this group is licensed as follows:

  1. Software source code: Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0;
  2. Data: Any of the Community Data License Agreements, available at https://www.cdla.io;
  3. Specifications: Community Specification License, Version 1.0, available at https://github.com/CommunitySpecification/1.0;
  4. All other Documentation: Creative Commons Attribution 4.0 International License, available at https://creativecommons.org/licenses/by/4.0/