Are we aware of and working on this? I don't recall discussions on this
particular topic...
https://www.scworld.com/news/cisa-releases-draft-changes-to-sbom-minimum-requirements-for-comment
Craig L Russell
c...@apache.org
I was thinking about why we have SBOMs and took it to the next level.
Users use SBOMs in order to know the entire stack of software they are running.
This allows them to know whether the products that they use are subject to
known vulnerabilities. But in order to take advantage of this, they ne
Hi,
The DB JDO project is interested in creating SBOMs for our releases. Is there a
good tutorial for the uninformed as to how to actually produce SBOMs?
I know that the security team is working on documenting existing SBOMs for some
projects. I looked at the security web site and it did not y
I looked for a discussion of the Apache OAuth implementation of 2FA recovery
and did not find anything.
https://infra.apache.org/2fa-policy.html
https://oauth.apache.org/api.html
There are many details on how it works and how to set it up.
But nothing about what to do if you lose your 2FA token
Hi Sam,
I think these points are excellent. Up to now, we have provided software for
the public good without expecting anything in return, except to adhere to the
license terms.
But using our software does involve responsibilities that you have outlined
here.
Good job.
Craig
> On Jan 7,
I have just one minor detail: our software is free to modify as well as
redistribute. I'd suggest:
Software developed at the ASF is made available at no cost and without
warranty, under a license permitting commercial modification and reuse without
notification. Many commercial products includ