SLSA workstreams – sign up and collaborate on the next phase of SLSA development

150 views
Skip to first unread message

Joshua Lock

unread,
Jul 13, 2022, 11:12:56 AM7/13/22
to slsa-di...@googlegroups.com

Hello SLSA friends,

 

The SLSA workstreams we discussed in the prior two community meetings are ready for interested participants to signup.

Workstreams will house focused collaboration within a theme from the roadmap. If you are interested in collaborating on these themes, please join the workstream by signing up to the discussion group or Slack channel (preferably both).

 

Workstream leads will communicate with members to establish the most convenient time for the workstream to meet.

 

The active workstreams are:

 

Note: in a future roadmap we will also establish an Adoption workstream. We agreed to hold off on forming this workstream until the specification is further along and more tooling is available.

 

Happy collaborating,

Joshua

Arnaud Le Hors

unread,
Jul 13, 2022, 12:26:54 PM7/13/22
to Joshua Lock, slsa-di...@googlegroups.com

Hi,

 

I haven’t been able to join the last SLSA calls so I apologize for bringing this up so late but I would recommend using a different name than “workstreams”. I would suggest using something like “taskforce” instead.

The reason is to avoid overloading the name “workstreams” which is referenced in the OpenSSF Mobilization plan for something different:

https://openssf.org/oss-security-mobilization-plan/

 

Regards.

-- 

Arnaud  Le Hors - Senior Technical Staff Member - Open Technologies - IBM

 

 

From: 'Joshua Lock' via slsa-discussion <slsa-di...@googlegroups.com>
Date: Wednesday, July 13, 2022 at 5:13 PM
To: slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>
Subject: [EXTERNAL] SLSA workstreams – sign up and collaborate on the next phase of SLSA development

Hello SLSA friends, The SLSA workstreams we discussed in the prior two community meetings are ready for interested participants to signup. Workstreams will house focused collaboration within a theme from the ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

ZjQcmQRYFpfptBannerEnd

--
You received this message because you are subscribed to the Google Groups "slsa-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to slsa-discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/PH0PR05MB8749A9870DB2DE260D5956CDCE899%40PH0PR05MB8749.namprd05.prod.outlook.com.

Kim Lewandowski

unread,
Jul 13, 2022, 12:54:05 PM7/13/22
to Arnaud Le Hors, Joshua Lock, slsa-di...@googlegroups.com
Thank you Joshua for organizing and communicating this! I'll share with my broader team and hope to get more folks involved from Chainguard.

Emmy Eide

unread,
Jul 13, 2022, 12:59:02 PM7/13/22
to Kim Lewandowski, Arnaud Le Hors, Joshua Lock, slsa-di...@googlegroups.com
Thank you Joshua! 

Emmy Eide, Sr. Manager, Red Hat Product Security - Supply Chain
She/Her/Hers


Isaac Hepworth

unread,
Jul 13, 2022, 4:48:30 PM7/13/22
to Kim Lewandowski, Arnaud Le Hors, Joshua Lock, slsa-di...@googlegroups.com
Same, I've sent out a note to encourage more folks from Google to get involved too.

Thanks Joshua! 🙌

Isaac

Joshua Lock

unread,
Jul 14, 2022, 5:40:44 AM7/14/22
to slsa-discussion
Hi Arnaud,

Thanks for raising this. We avoided Working Groups, as that's already a term in the OpenSSF, but we missed that Workstream is already in use. 

Fortunately, we don't use the term in many places and it should be easy to change. I've added that as a task within our issue to document the teams within our governance documentation and site:

Joshua

Joshua Lock

unread,
Jul 14, 2022, 6:03:36 AM7/14/22
to Fridolín Pokorný, slsa-di...@googlegroups.com, Kim Lewandowski, Isaac Hepworth, Arnaud Le Hors

Apologies, joining Slack workspaces can be confusing.

OpenSSF Slack doesn’t require linuxfoundation.org addresses, I think you should be able to sign up at https://slack.openssf.org/ ?

 

Joshua

 

From: Fridolín Pokorný <fridolin...@datadoghq.com>
Date: Wednesday, 13 July 2022 at 23:22
To: Joshua Lock <jl...@vmware.com>, slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>
Cc: Kim Lewandowski <k...@chainguard.dev>, Isaac Hepworth <isa...@google.com>, Arnaud Le Hors <leh...@us.ibm.com>
Subject: Re: SLSA workstreams – sign up and collaborate on the next phase of SLSA development

Workstreams will house focused collaboration within a theme from the roadmap. If you are interested in collaborating on these themes, please join the workstream by signing up to the discussion group or Slack channel (preferably both).

 

Unfortunately, it looks like the referenced Slack channels are available only for @linuxfoundation.org addresses. I tried to sign up but I was refused:

 

Don’t have an @linuxfoundation.org email address?

Contact the workspace administrator at Open Source Security Foundation (OpenSSF) for an invitation. 

 

I tried to follow the "Contact" link, but it is available only for logged in users. Is it possible to get an invite?

 

Thanks,

Fridolin

Fridolín Pokorný

unread,
Jul 14, 2022, 8:27:56 AM7/14/22
to Joshua Lock, slsa-di...@googlegroups.com, Kim Lewandowski, Isaac Hepworth, Arnaud Le Hors
Thanks, it worked.

Have a great day,
Fridolin

Fridolín Pokorný

unread,
Jul 14, 2022, 8:28:05 AM7/14/22
to Joshua Lock, slsa-di...@googlegroups.com, Kim Lewandowski, Isaac Hepworth, Arnaud Le Hors

Workstreams will house focused collaboration within a theme from the roadmap. If you are interested in collaborating on these themes, please join the workstream by signing up to the discussion group or Slack channel (preferably both).


Mark Lodato

unread,
Jul 15, 2022, 11:56:21 AM7/15/22
to Joshua Lock, slsa-di...@googlegroups.com
If you plan to regularly attend the workstream meetings, please fill out the corresponding survey to help us pick appropriate time slots:
Please respond by end of day Monday (July 18).

Note: This is only used for scheduling; anyone can still attend even if they don't respond.


--
Reply all
Reply to author
Forward
0 new messages