[open-regulatory-compliance] ORC events this week

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[open-regulatory-compliance] ORC events this week

From: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Nov 2025 08:00:00 +0100
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>

Dear ORC Community,

Find below the events the WG will be hosting this week.

Monday (November 10, 2025)

🛡️ Cyber Resilience SIG
Location: https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98

Meeting info:
https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#cyber-resilience-sig-call

Agenda:
https://github.com/orcwg/orcwg/labels/cyber-resilience-sig

Jitsi meeting:
https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98

Time: at 16:00 CET / at 15:00 UTC

📣 CRA Mondays: OSS provenance and code signing: how SignPath Foundation guarantees software integrity for its member projects
Location: https://eclipse.zoom.us/j/82349283943

Some OSS projects are maintained by a foundation like Eclipse, Apache, or Mozilla with often rigorous governance over the release process. However, this approach doesn’t scale, so most OSS projects ship unverified and often unsigned releases. This breaks the trust model of Linus’s Law, which is based on source code. Also, OSS releases are often unsigned, leading to a major security degradation and often usability issues. Unverified signing can lead to issues like the 2024 XZ Utils incident.

SignPath Foundation provides free and secure code signing for 250 OSS projects. To achieve this, we had to go beyond key security: how can we guarantee that releases are safe to use?

Read more

Time: at 17:00 CET / at 16:00 UTC

Friday (November 14, 2025)

📖 FAQ Task Force
Location: https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98

The FAQ Task Force is responsible for developing and maintaining the CRA FAQs. It meets regularly to organize its work-mode, address open issues, and onboard new contributors.

Agenda & Minutes: https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/minutes/faq-task-force

Meeting info: https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#faq-task-force-call

Jitsi meeting: https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98

Time: at 13:30 CET / at 12:30 UTC

Do not forget to take a look to the white paper as shared by Marta in her email to this list.

Note: Individual .ics files are attached for each event, which you can import into your calendar application.

Have a great week!

Juan

Juan Rico

Eclipse Foundation: The Community for Open Collaboration and Innovation

Berliner Allee 47, 64295 Darmstadt

Handelsregister: Darmstadt HRB 92821

Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge

BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Google Apps Script//Weekly Event Report//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VEVENT
UID:e60g6qbnpsf8q6m3c8tf4n3ob8@xxxxxxxxxx
DTSTAMP:20251109T114316Z
DTSTART:20251114T123000Z
DTEND:20251114T133000Z
SUMMARY:FAQ Task Force
DESCRIPTION:The FAQ Task Force is responsible for developing and maintaining the CRA FAQs. It meets regularly to organize its work-mode\, address open issues\, and onboard new contributors.<br><br>Agenda &amp\; Minutes: <a href="https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/minutes/faq-task-force"; target="_blank"><u>https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig/minutes/faq-task-force</u></a><br><br>Meeting info: <a href="https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#faq-task-force-call"; target="_blank"><u>https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#faq-task-force-call</u></a><br><br>Jitsi meeting: <a href="https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98"; target="_blank"><u><u>https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98</u></u></a>
LOCATION:https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98
STATUS:CONFIRMED
SEQUENCE:0
END:VEVENT
END:VCALENDAR

BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Google Apps Script//Weekly Event Report//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VEVENT
UID:6qo1cf6a99bfc3mt22hn2eh978@xxxxxxxxxx
DTSTAMP:20251109T114316Z
DTSTART:20251110T150000Z
DTEND:20251110T160000Z
SUMMARY:Cyber Resilience SIG
DESCRIPTION:Meeting info:<br><a href="https://www.google.com/url?q=https://github.com/orcwg/orcwg/blob/main/MEETINGS.md%23cyber-resilience-sig-call&amp\;sa=D&amp\;source=calendar&amp\;ust=1762550291195435&amp\;usg=AOvVaw3zC7eeho9NuJtN0Mdpp0ls"; target="_blank">https://github.com/orcwg/orcwg/blob/main/MEETINGS.md#cyber-resilience-sig-call</a><br><br>Agenda:<br><a href="https://www.google.com/url?q=https://github.com/orcwg/orcwg/labels/cyber-resilience-sig&amp\;sa=D&amp\;source=calendar&amp\;ust=1762550291195435&amp\;usg=AOvVaw2IFSgAn_I9_TqIH0WuQ303"; target="_blank">https://github.com/orcwg/orcwg/labels/cyber-resilience-sig</a><br><br>Jitsi meeting:<br><a href="https://www.google.com/url?q=https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98&amp\;sa=D&amp\;source=calendar&amp\;ust=1762550291195435&amp\;usg=AOvVaw3FhtmaawUN2Q-OMiIewaPV"; target="_blank"><u>https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98</u></a>
LOCATION:https://meet.jit.si/moderated/afe9a4643dd84fb5123e1a745a0fd90b749a44c6fb91d582505628215ee52d98
STATUS:CONFIRMED
SEQUENCE:0
END:VEVENT
END:VCALENDAR

BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Google Apps Script//Weekly Event Report//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VEVENT
UID:4j5ahsgv2tmkogfg5kpg1fq3tj_R20250915T150000@xxxxxxxxxx
DTSTAMP:20251109T114316Z
DTSTART:20251110T160000Z
DTEND:20251110T170000Z
SUMMARY:CRA Mondays: OSS provenance and code signing: how SignPath Foundation guarantees software integrity for its member projects
DESCRIPTION:<p dir="auto">Some OSS projects are maintained by a foundation like Eclipse\, Apache\, or Mozilla with often rigorous governance over the release process. However\, this approach doesn’t scale\, so most OSS projects ship unverified and often unsigned releases. This breaks the trust model of Linus’s Law\, which is based on source code. Also\, OSS releases are often unsigned\, leading to a major security degradation and often usability issues. Unverified signing can lead to issues like the 2024 XZ Utils incident.</p><p dir="auto">SignPath Foundation provides free and secure code signing for 250 OSS projects. To achieve this\, we had to go beyond key security: how can we guarantee that releases are safe to use?<br><br><a href="https://github.com/orcwg/orcwg/tree/main/events/cra-mondays";>Read more</a></p>
LOCATION:https://eclipse.zoom.us/j/82349283943
STATUS:CONFIRMED
SEQUENCE:0
END:VEVENT
END:VCALENDAR

Follow-Ups:
- Re: [open-regulatory-compliance] ORC events this week
  - From: Juan Rico

Prev by Date: Re: [open-regulatory-compliance] Open Source Software Stewards and CRA Whitepaper: review in progress until November 20th
Next by Date: Re: [open-regulatory-compliance] Open Source Software Stewards and CRA Whitepaper: review in progress until November 20th
Previous by thread: Re: [open-regulatory-compliance] ORC Events this week
Next by thread: Re: [open-regulatory-compliance] ORC events this week
Index(es):
- Date
- Thread

Breadcrumbs

Monday (November 10, 2025)

Friday (November 14, 2025)