[cbi-dev] Open Source Software Supply Chain Best Practices at the Eclips

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[cbi-dev] Open Source Software Supply Chain Best Practices at the Eclipse Foundation

From: Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 5 Oct 2021 14:49:06 +0200
Delivered-to: cbi-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/cbi-dev/>
List-help: <mailto:cbi-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/cbi-dev>, <mailto:cbi-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/cbi-dev>, <mailto:cbi-dev-request@eclipse.org?subject=unsubscribe>

Hi,

With the increasing number of software supply chain attacks, we've defined a (non-exhaustive) list of best practices that we encourage Eclipse Foundation committers and projects to follow.

You can find those best practices at https://github.com/eclipse-cbi/best-practices/blob/main/software-supply-chain/osssc-best-practices.md

Feel free to open issues and / or PR. The goal is to continuously update this document.

Thanks!

Mikaël Barbero

Manager — Release Engineering and Technology | Eclipse Foundation

🐦 @mikbarbero

Eclipse Foundation: The Platform for Open Innovation and Collaboration

Attachment: signature.asc
Description: Message signed with OpenPGP

Follow-Ups:
- Re: [cbi-dev] Open Source Software Supply Chain Best Practices at the Eclipse Foundation
  - From: Mickael Istria

Prev by Date: Re: [cbi-dev] [cross-project-issues-dev] Apache Maven 3.8.1 is now available on Jenkins instances
Next by Date: Re: [cbi-dev] Open Source Software Supply Chain Best Practices at the Eclipse Foundation
Previous by thread: [cbi-dev] Apache Maven 3.8.1 is now available on Jenkins instances
Next by thread: Re: [cbi-dev] Open Source Software Supply Chain Best Practices at the Eclipse Foundation
Index(es):
- Date
- Thread

Breadcrumbs