Software Supply Chain Best Practices v2

[mnm678]

Description: what's your idea?

Impact: Describe the customer impact of the problem. Who will this help? How
will it help them?

Scope: How much effort will this take? ok to provide a range of options if or
"not yet determined" for initial proposals. Feel free to include proposed tasks
below or link a Google doc

Intent to lead:

• I volunteer to be a project lead on this proposal if the community is
  interested in pursing this work. This statement of intent does not preclude
  others from co-leading or becoming lead in my stead.

Proposal to Project:

• Added to the planned meeting template for 01 24
• Raised in a Security TAG meeting to determine interest - mm dd
• Collaborators comment on issue for determine interest and nominate project
  lead
• Scope determined via meeting mm dd and/or shared document add link
  with call for participation in #tag-security slack channel thread add link
  and mailing list email add link
• Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

• Security TAG Leadership Representative: @mnm678
• Project leader(s):
• Issue is assigned to project leaders and Security TAG Leadership
  Representative
• Project Members:
• Fill in addition TODO items here so the project team and community can
  see progress!
• Scope
• Deliverable(s)
• Project Schedule
• Slack Channel (as needed): #tag-security-supply-chain-wg
• Meeting Time & Day: Thursdays 11-12 EST
• Meeting Notes (link):https://docs.google.com/document/d/1MTM782nluFl4_ybG-fXHmRT2k4bPN18ifdzpUltQQCw/edit
• Meeting Details (zoom or hangouts link): https://zoom.us/j/94277589070
• Retrospective

[jkjell]

Count me in! ☺️

[developer-guy]

we (w/@Dentrax) would love to help!

[Vombato]

I would love to help too 🤚🏻

[mnm678]

We will be kicking off this effort in the working group meeting tomorrow! (Thursday at 11am US eastern time)

[mnm678]

The paper is ready for community review! We'd appreciate any feedback: https://docs.google.com/document/d/1IQ6tVdxfXX-y5oOjRWUspIrK5xDmVbJ8-XieCG5Cgko/edit#heading=h.otreoolht20w.

[ai2017]

Is there a deadline to submit the review comments ?

[mnm678]

We're hoping to have all comments by next Thursday (September 5)

[georgalis]

FYI - I've added many comments to the Software Supply Chain Best Practices v2 doc today, and just completed extensive review in slack. https://cloud-native.slack.com/archives/C01KL0B4LKC/p1725490453437489 I think the slack items are in scope, but there are so many that they may need deferral for next rev? Please reply to threads to calibrate scope! Thanks.

[eddie-knight]

The markdown for this whitepaper was merged in #1396

Next step is for @mnm678 to work with CNCF to produce a PDF