[Failed NYU Email Security Check] Re: The Open Source Software Security Mobilization Plan

Justin Cappos justincappos at gmail.com
Fri May 27 03:23:51 UTC 2022


It's a shame that the document wasn't more balanced. It seems like it is
really pushing Sigstore, which, while not a bad project, doesn't have the
success history of RB and the other projects you mentioned.  It's insane to
me that they aren't even mentioned while Sigstore is listed ~60+ times!
Reading between the lines, I guess Google is getting their money's worth
out of supporting the LF...

I'd say that we need to be more vigilant during these meetings and push
harder so that there isn't a recurrence.  Either that or why have a broad
list of names on the document to give it the appearance of broad community
support?

Thanks,
Justin

On Fri, May 27, 2022 at 4:31 AM Santiago Torres Arias <santiago at nyu.edu>
wrote:

> On Wed, May 25, 2022 at 02:00:18PM +0100, Chris Lamb wrote:
> > Hey Larry,
> >
> > > [..]
>
> I am listed as a reviewer I believe. I pushed for a bunch of
> technologies (reprobuilds included, + in-toto and TUF) but I don't think
> I had much of a say in what goes in, but rather in what was technically
> wrong.
>
> I think broadly speaking everybody involved believes in reprobuilds, and
> we are aware that it's a crucial part of the puzzle. So I wouldn't sweat
> it too much.
>
> Cheers!
> -Santiago
>