Kate Stewart
Kate Stewart
Waiting until the CI is updated, then we'll take a pass.
@lumjjb - can you rebase and see if you can get it passing the validation. Once it is, we'll merge.
DIscussed in call today, and general concensus that first level down would be reasonable. If web technologies permit, full enumeration would be best, but starting with first level would help...
List of Derived classes would be helpful. Agent is an example. Should be made explicit it was a Person, Tool, Org, etc. From discussion - at least direct children; but...
[x] Clone document so we can put our comments in it [Kate] Use: https://docs.google.com/document/d/1KPMlmZK8XFHTMqTJcoVmj56ERwU2K84VtHTajZF2Ikk/edit?tab=t.0#heading=h.uweqougndqvk for local OpenSSF review/comments
Agreed in meeting to kick off 2 week review window on OpenSSF copy of document by email and in Slack Agreed to create a scratchpad document as part of review...
@david-a-wheeler - just put comments in the document https://docs.google.com/document/d/1KPMlmZK8XFHTMqTJcoVmj56ERwU2K84VtHTajZF2Ikk/edit?tab=t.0#heading=h.uweqougndqvk
Agree, let's get this into /using/. we can create a version for 3.0, then create an updated version for 3.1.
@zvr - can you help me understand when we should be using component vs. package in SBOMs? Possibly the package definition should be updated to make it clear if you...
@JPEWdev - have your comments been addressed? do you approve?