bagit-python

OpenSSF Scorecard for bagit repo?

Open · peterk opened this issue 1 year ago · 1 comment

Thank you for developing bagit! Would it be possible to help users determine the security of the bagit repo by looking into some of the practices in the OpenSSF Scorecard recommendations?

peterk, Oct 08 '24 18:10

I guess my first question would be what benefit users would have for this. Nobody has asked for it and it's unclear to me that a project with no dependencies outside of the Python standard library would be a high priority for supply-chain monitoring.

acdha, Oct 15 '24 21:10

Bagit is included in other build chains. Knowing that bagit follows some of the OpenSSF practices would make it easier to trust the project. I understand if it feels cumbersome to implement all of the practices but it would help me and others mitigate risk if some of the practices were implemented.

peterk, Oct 27 '24 17:10
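As an added example (not code from bagit-python and not from either commenter), the script below shows what the last comment's downstream build chain could do with a Scorecard result: read Scorecard's JSON output (the shape produced by `scorecard --format json` or returned by the public API at api.securityscorecards.dev) and apply a local minimum-score policy to it. The repository name, scores and thresholds are constructed for illustration. A score of -1 in Scorecard output means the check was inconclusive; for a project with no third-party dependencies, the situation the maintainer describes, Pinned-Dependencies can come back that way, so the script reports inconclusive checks separately instead of treating them as failures.

```python
"""Gate a dependency on its OpenSSF Scorecard result (added example).

The JSON layout follows Scorecard's output format: a top-level "score"
and a "checks" list whose entries carry "name", "score" and "reason".
A check score of -1 means "inconclusive". The repository, commit hashes
and scores in SAMPLE_RESULT are constructed, not real data for bagit-python.
"""
import json

# Constructed Scorecard-style result; all values are made up.
SAMPLE_RESULT = json.dumps({
    "date": "2024-10-27",
    "repo": {"name": "github.com/example/bagit-python", "commit": "0000000"},
    "scorecard": {"version": "v5.0.0", "commit": "0000000"},
    "score": 5.4,
    "checks": [
        {"name": "Binary-Artifacts", "score": 10,
         "reason": "no binaries found in the repo"},
        {"name": "Branch-Protection", "score": 3,
         "reason": "branch protection is not maximal on development and all release branches"},
        {"name": "Pinned-Dependencies", "score": -1,
         "reason": "no dependencies found"},
        {"name": "Signed-Releases", "score": 0,
         "reason": "no signed artifacts found"},
        {"name": "Token-Permissions", "score": 10,
         "reason": "GitHub workflow tokens follow principle of least privilege"},
        {"name": "Vulnerabilities", "score": 10,
         "reason": "0 existing vulnerabilities detected"},
    ],
})

# Minimum acceptable score per check. This policy is an assumption for the
# example; Scorecard itself ships no thresholds.
POLICY = {
    "Binary-Artifacts": 10,
    "Branch-Protection": 5,
    "Pinned-Dependencies": 5,
    "Signed-Releases": 8,
    "Token-Permissions": 10,
    "Vulnerabilities": 10,
}


def evaluate(result_json, policy, allow_inconclusive=True):
    """Apply a minimum-score policy to a Scorecard JSON document.

    Returns a dict with:
      passed       - True if no policy check failed or was missing (and, when
                     allow_inconclusive is False, none was inconclusive)
      failures     - (check, score, minimum, reason) for scores below policy
      inconclusive - (check, reason) for checks Scorecard scored -1
      missing      - policy checks absent from the result
      overall      - Scorecard's aggregate score, for reporting only
    """
    result = json.loads(result_json)
    checks = {c["name"]: c for c in result.get("checks", [])}
    failures, inconclusive, missing = [], [], []
    for name, minimum in policy.items():
        check = checks.get(name)
        if check is None:
            # A check we rely on was not run; never silently pass it.
            missing.append(name)
            continue
        score = check["score"]
        if score == -1:
            inconclusive.append((name, check.get("reason", "")))
            continue
        if score < minimum:
            failures.append((name, score, minimum, check.get("reason", "")))
    passed = (not failures and not missing
              and (allow_inconclusive or not inconclusive))
    return {"passed": passed, "failures": failures,
            "inconclusive": inconclusive, "missing": missing,
            "overall": result.get("score")}


if __name__ == "__main__":
    verdict = evaluate(SAMPLE_RESULT, POLICY)
    print("overall score:", verdict["overall"])
    for name, score, minimum, reason in verdict["failures"]:
        print(f"FAIL {name}: {score} < {minimum} ({reason})")
    for name, reason in verdict["inconclusive"]:
        print(f"INCONCLUSIVE {name}: {reason}")
    for name in verdict["missing"]:
        print(f"MISSING {name}")
    print("passed:", verdict["passed"])
```

Missing checks are treated as failures on purpose: a policy that quietly passes when a check was never run gives no assurance. Whether inconclusive checks should block is left as a flag, since for a project with no external dependencies an inconclusive Pinned-Dependencies result carries no risk signal either way.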