Hi Arnout,
On Mon, Sep 29, 2025 at 03:28:52PM +0200, Arnout Engelen via rb-general wrote:
> America's cybersecurity agency, CISA, have been working on a document
> describing what they consider the 'minimal' requirements for SBOMs.
> They have a draft up at
> https://www.cisa.gov/sites/default/files/2025-08/2025_CISA_SBOM_Minimum_Elements.pdf
> which is now in 'Public Comment' phase.
many thanks for bringing this to our attention here!
[...]
> Do you agree with the comments above?
more or less... ;)
> Are there any changes you'd like to see, or additional comments you think
> would be valuable to relay in the context of reproducible builds?
probably, maybe, yes, but...
> The
> timeline is relatively strict: if we can get rough consensus before,
> say, Wednesday, I think we could respond "as the Reproducible Builds project".
... I do not think we can get a rough consensus on such a large topic
until tomorrow (after being informed about this yesterday), given that
we are a large diverse bunch of projects & people, loosely organized
over mailing lists, IRC and git repos, with an annual regular summit.
That said, I do think some individuals, be that projects or persons,
might be able to submit such a response in time. (And this thread can
very well be a starting point and become more.)
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
"We are running the most dangerous experiment in history right now, which is
to see how much carbon dioxide the atmosphere can handle before there is an
environmental catastrophe."
Source: Elon Musk speech at Paris-Sorbonne University, December 2, 2015.
