Add 2024 Q4 Sigstore Update #413
Conversation
Closes ossf#412 Signed-off-by: Hayden B <[email protected]>
Thanks!
LGTM
Thanks all, can someone merge?
Great update, thanks @haydentherapper !
These types of PRs need 5 approvals, I'll ping folks on Slack.
Sigstore has all the signs of a successful, well run project which should inspire other OpenSSF projects!
Although I think it should, our report template doesn't currently prompt for this but I'd appreciate any info on how Sigstore is doing with the implementation of the Security Baseline. What's the status? Are there any issues encountered?
Thanks.
### Conference | ||
Our second [SigstoreCon: Supply Chain Day](https://events.linuxfoundation.org/sigstorecon-supply-chain-day/) conference just wrapped up. With just over 90 attendees, SigstoreCon brought together individuals and organizations excited about not only Sigstore but other supply chain initiatives such as SLSA, SBOM, or in-toto. Talks are recorded [here](https://www.youtube.com/playlist?list=PLM6mY5TOhY1E02_fQWqfQk_gMRHHtX0q6). |
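Review bot: the link text "here" in the last sentence of the Conference paragraph carries no meaning on its own (screen readers and link lists show only the anchor text), so name the target instead, e.g. `Talks are recorded on the [SigstoreCon playlist](https://www.youtube.com/playlist?list=PLM6mY5TOhY1E02_fQWqfQk_gMRHHtX0q6).` The same sentence before it reads "not only Sigstore but other supply chain initiatives"; "not only ... but also other ..." is the grammatical pairing.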
Using “here” as a link anchor is an anti-pattern.
For more info see the following blog post (from a renowned expert. ;-) : https://lehors.wordpress.com/2009/01/29/linking-the-proper-way/
I actually think that TI reports should get reviewed by as many TAC members as possible. There is no rush and in my opinion it's more important that everybody gets a chance to be informed.
As part of the TI graduation process earlier in 2024, the Sigstore TSC documented status against the best practices badge requirements - which I know isn't exactly the same as the security baseline, but is probably the closest we have to documenting the overall posture of the Sigstore project.
Great work Sigstore!
I'm also personally interested in the ability to sign model cards, with an effort in the AIML WG, Model Signing SIG.
Closes #412