--
You received this message because you are subscribed to the Google Groups "ossf-wg-developer-identity" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossf-wg-developer-i...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossf-wg-developer-identity/CAKdVbG-N6mY64JYdQ4Peh44s0eGM%3DebmUHfO-82nESi%2BaM96jg%40mail.gmail.com.
On Jan 6, 2022, at 3:13 PM, 'Michael Winser' via ossf-wg-developer-identity <ossf-wg-devel...@googlegroups.com> wrote:
Thanks everyone for the feedback! Yes, let’s plan some time in the next Supply Chain Integrity WG meeting for further discussion.
Perhaps we can start with the following scenario – which specification should organizations use to sign supply chain artifacts like Software Bills of Materials (SBOMs)?
We’ve been grappling with this at Microsoft and can share our thoughts and the decision matrix we have been using to approach our decision.
Kay