Justin Cappos

We might also write this up as an academic paper or a blog and try to get relevant folks at Microsoft to take a look... On Wed, Feb 2, 2022...

I'm supportive of this mention too. A lot of other tools in the space depend-a-bot, scala steward, github's new dependency bot, etc. should also get mentioned.

We'd be happy to help in a few different ways. 1. Support efforts to adopt tools from communities we're engaged with like in-toto, TUF, reproducible builds, etc. 2. Pilot this...

Do we respond to this email or is there a better way to express interest? Justin On Thu, Jun 16, 2022 at 2:01 AM Mikko Ylinen ***@***.***> wrote: > me...

Given I'm conflicted with in-toto, I'm probably not the right person to write the document for it. However, I can do the OPA one. On Wed, Jul 3, 2019 at...

Okay, we're reaching out to @caniszczyk to get the audit list. Once we have that, I think we can put a table together. @TheFoxAtWork Do you feel we need to...

Looking forward to seeing this. I know several folks have been looking for such a resource... On Tue, Dec 17, 2019 at 11:33 PM Sarah Allen wrote: > heard via...

Works for me!

Good thought! I will mention this in the next meeting!

One option is to have some sort of pack / unpack that happens, but this is messy and requires certain tools to unpack. So I think this is a non-starter....