[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations
|
Hei Shanda,
>From the CPAN Security group, a statement:
"At the CPAN Security Group, we look forward to see the Voluntary Security
Attestations become a the tool of choice for both helping our users to
become and remain compliant, and help them both save on compliance costs,
so they may continue to rely on Perl and CPAN in software where long-term
predictable and sustained maintenance is expected both for security and
and profitability.
– Salve J. Nilsen, CPANSec Policy & Metadata"
On Fri, 10 Apr 2026, Shanda Giacomoni via open-regulatory-compliance wrote:
> Hi all,
>
> Following Juan’s note, we’re preparing the launch of the ORC joint
> statement on voluntary security attestations, planned for *April 16*.
>
> As part of the rollout, we’re inviting members who support the
> statement to *contribute
> a short quote* that we can feature across our social media and
> communications. This is a great opportunity to highlight your
> organisation’s perspective and reinforce the importance of attestations. If
> you would like to contribute a quote, please send it directly to me.
>
> A few quick details:
>
> - *Deadline (preferred):* April 15. We understand internal approvals can
> take time, so quotes are still welcome after launch and will be used in
> ongoing promotion
> - *Length:* 1–3 sentences
> - *Focus:* Why voluntary security attestations matter to your
> organisation, open source sustainability, or the broader ecosystem
>
> We have also drafted a *social media kit
> <https://docs.google.com/document/d/1-ds_Mf2Akkn155QjyAv-87yBXexh9gbBRCnGoG2ut0Y/edit?usp=sharing>*
> to make it easy for you to amplify the statement across your own channels
> once it goes live. There is currently no link in the document, but it will
> be added on April 16.
>
> If you’d like to contribute a quote or have any questions, please feel free
> to reach out.
>
> Shanda
>
> On Thu, Apr 9, 2026 at 4:16 AM Juan Rico via open-regulatory-compliance <
> open-regulatory-compliance@xxxxxxxxxxx> wrote:
>
> > Dear ORC Community,
> >
> > After a few weeks of work and several rounds of feedback we finalised the
> > joint statement on the role of Voluntary security attestations. Please take
> > a look to it and if you have a ny strong concern with it, please let me
> > know.
> >
> > In the coming days, Shanda will be sharing a social kit and the launching
> > plan for those of you who want to actively promote it.
> >
> > Once again, thanks a lot for the engagement and contributions and best
> > regards,
> > Juan
> > --
> > Juan Rico
> > *Senior Manager ORC, Oniro and Cloud Programs* | Eclipse Foundation
> > Europe GmbH <http://www.eclipse.org/> | X <https://twitter.com/EclipseFdn>
> > | LinkedIn <https://www.linkedin.com/company/eclipse-foundation/> |
> > YouTube <https://www.youtube.com/user/EclipseFdn> | Instagram
> > <https://www.instagram.com/eclipsefoundation/> | Bluesky
> > <https://bsky.app/profile/eclipsefdn.bsky.social> | Mastodon
> > <https://mastodon.social/@EclipseFdn>
> >
> > Eclipse Foundation <http://www.eclipse.org/>: The Community for Open
> > Collaboration and Innovation
> >
> >
> > Berliner Allee 47, 64295 Darmstadt
> >
> > Handelsregister: Darmstadt HRB 92821
> >
> > Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge
> > _______________________________________________
> > open-regulatory-compliance mailing list
> > open-regulatory-compliance@xxxxxxxxxxx
> > To unsubscribe from this list, visit https://accounts.eclipse.org
> >
>
>
>
--
#!/usr/bin/env perl
sub AUTOLOAD{$AUTOLOAD=~/.*::(\d+)/;seek(DATA,$1,0);print# Salve Joshua Nilsen
getc DATA}$"="'};&{'";@_=unpack("C*",unpack("u*",':50,$'.# <sjn@xxxxxx>
'3!=0"59,6!`%%P\0!1)46%!F.Q`%01,`'."\n"));eval "&{'@_'}"; __END__ is near! :)
