Re: [cbi-dev] Open Source Software Supply Chain Best Practices at the Eclipse Foundation
Thanks for this document. It's a very valuable resource for all developers to get familiar with the possible entry points of a supply-chain attack. Do you plan to share it more widely with all committers soon? Or are you waiting for some "milestone" before doing so?