Re: [open-regulatory-compliance] Open Source Steward: Role description


> On 13 Jun 2024, at 13:10, Salve J. Nilsen via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> 
> Hei Tobie & all,
> 
> 
> Hope you're doing well!
> 
> Tobie Langel via open-regulatory-compliance said:
> 
>> I've started a glossary in the repository and added "Open Source Steward"
>> to it:
>> 
>> https://gitlab.eclipse.org/eclipse-wg/open-regulatory-compliance-wg/cra-topics/-/blob/main/glossary.md#open-source-steward
>> 
>> Feel free to edit and/or add to it.
> 
> Through my work in the CPAN Security Group, I too have put together a
> glossary of terms[1], together with a reading list[2] and an overview of
> supply-chain actors/roles and what metadata they may be interested in[3].
> 
> Although all of these are works-in-progress, please feel free to have a
> look to see if any of it is useful! (They're all CC-BY-SA-4.0 :-)
> 
> I hope this can become useful for the upcoming discussions.
> 
> 
> [1] https://security.metacpan.org/docs/glossary.html
> [2] https://security.metacpan.org/docs/readinglist.html
> [3] https://security.metacpan.org/docs/supplychain-sbom.html

Lovely work - especially breaking out the dependency types and SBOM variance.

Dw.
