Stewart X Addison
Stewart X Addison
Playbook changes merged and docker images rebuild successfully so this is ready to go subject to approvals.
(Last force push was for a rebase)
Knocking back to draft following this week's PMC meeting where a decision was made not to include this yet pending further understanding of whether it is really useful for a...
Have you got the details of how you would determine that?
Initial list of software that would be in scope for this for Temurin builds (currently excluding the items supplied with the OS such as `glibc`, `cups`, `systemtap` and `X11` libraries)...
Need to verify which of these are now included in the SBOM and whether others would be required.
I'm going to list the products in this comment as they are identified along with their official page, and a link to any related CVEs as a basis for this:...
We now have a reasonably complete SBOM, only missing some of the compiler details for non-Linux platforms. It should be noted that zlib, freetype and alsa are all things which...
Note: The job-restrictions plugin which we will plan to install as part of https://github.com/adoptium/infrastructure/issues/2108#issuecomment-1474073224 should allow us to get some level of isolation (Not ephemeral, but blocking non-build jobs from...
We should initially look at prioritising the primary platforms. Noting that Linux/s390x mentioned in the description is now building in a container, but the image is not being regular refreshed...