Re: [open-regulatory-compliance] Joint statement on the value of voluntary security attestations

Shanda,

If you are still open for quotes, here is my stab at late night creativity:

“The Erlang Ecosystem Foundation (EEF) is committed to streamlining processes for maintainers and consumers of FOSS projects that create in the Elixir, Erlang and Gleam language communities and which use the hex.pm package manager. Our goal over the next 12 months is to continue improving build and security tooling so that Attestations and other compliance features like SBOMs just become part of the regular development, maintenance and release process of their projects.”

— Alistair Woodman, President of the Board, EEF.



> On Apr 16, 2026, at 15:23, Salve J. Nilsen via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> 
> Hei Shanda,
> 
> 
> From the CPAN Security group, a statement:
> 
> "At the CPAN Security Group, we look forward to seeing the Voluntary Security
> Attestations become the tool of choice for both helping our users to
> become and remain compliant, and help them both save on compliance costs,
> so they may continue to rely on Perl and CPAN in software where long-term
> predictable and sustained maintenance is expected both for security and
> profitability.
> 
> – Salve J. Nilsen, CPANSec Policy & Metadata"
> 
> 
>> On Fri, 10 Apr 2026, Shanda Giacomoni via open-regulatory-compliance wrote:
>> 
>> Hi all,
>> 
>> Following Juan’s note, we’re preparing the launch of the ORC joint
>> statement on voluntary security attestations, planned for *April 16*.
>> 
>> As part of the rollout, we’re inviting members who support the
>> statement to *contribute
>> a short quote* that we can feature across our social media and
>> communications. This is a great opportunity to highlight your
>> organisation’s perspective and reinforce the importance of attestations. If
>> you would like to contribute a quote, please send it directly to me.
>> 
>> A few quick details:
>> 
>>   - *Deadline (preferred):* April 15. We understand internal approvals can
>>   take time, so quotes are still welcome after launch and will be used in
>>   ongoing promotion
>>   - *Length:* 1–3 sentences
>>   - *Focus:* Why voluntary security attestations matter to your
>>   organisation, open source sustainability, or the broader ecosystem
>> 
>> We have also drafted a *social media kit
>> <https://docs.google.com/document/d/1-ds_Mf2Akkn155QjyAv-87yBXexh9gbBRCnGoG2ut0Y/edit?usp=sharing>*
>> to make it easy for you to amplify the statement across your own channels
>> once it goes live. There is currently no link in the document, but it will
>> be added on April 16.
>> 
>> If you’d like to contribute a quote or have any questions, please feel free
>> to reach out.
>> 
>> Shanda
>> 
>> On Thu, Apr 9, 2026 at 4:16 AM Juan Rico via open-regulatory-compliance <
>> open-regulatory-compliance@xxxxxxxxxxx> wrote:
>> 
>>> Dear ORC Community,
>>> 
>>> After a few weeks of work and several rounds of feedback we finalised the
>>> joint statement on the role of Voluntary security attestations. Please take
>>> a look at it and if you have any strong concern with it, please let me
>>> know.
>>> 
>>> In the coming days, Shanda will be sharing a social kit and the launching
>>> plan for those of you who want to actively promote it.
>>> 
>>> Once again, thanks a lot for the engagement and contributions and best
>>> regards,
>>> Juan
>>> --
>>> Juan Rico
>>> *Senior Manager ORC, Oniro and Cloud Programs* | Eclipse Foundation
>>> Europe GmbH <http://www.eclipse.org/> | X <https://twitter.com/EclipseFdn>
>>> | LinkedIn <https://www.linkedin.com/company/eclipse-foundation/> |
>>> YouTube <https://www.youtube.com/user/EclipseFdn> | Instagram
>>> <https://www.instagram.com/eclipsefoundation/> | Bluesky
>>> <https://bsky.app/profile/eclipsefdn.bsky.social> | Mastodon
>>> <https://mastodon.social/@EclipseFdn>
>>> 
>>> Eclipse Foundation <http://www.eclipse.org/>: The Community for Open
>>> Collaboration and Innovation
>>> 
>>> 
>>> Berliner Allee 47, 64295 Darmstadt
>>> 
>>> Handelsregister: Darmstadt HRB 92821
>>> 
>>> Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge
>>> _______________________________________________
>>> open-regulatory-compliance mailing list
>>> open-regulatory-compliance@xxxxxxxxxxx
>>> To unsubscribe from this list, visit https://accounts.eclipse.org
>>> 
>> 
>> 
>> 
> 
> --
> #!/usr/bin/env perl
> sub AUTOLOAD{$AUTOLOAD=~/.*::(\d+)/;seek(DATA,$1,0);print# Salve Joshua Nilsen
> getc DATA}$"="'};&{'";@_=unpack("C*",unpack("u*",':50,$'.#    <sjn@xxxxxx>
> '3!=0"59,6!`%%P\0!1)46%!F.Q`%01,`'."\n"));eval "&{'@_'}";  __END__ is near! :)


