Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSF Scorecard for bagit repo? #179

Open
peterk opened this issue Oct 8, 2024 · 2 comments
Open

OpenSSF Scorecard for bagit repo? #179

peterk opened this issue Oct 8, 2024 · 2 comments

Comments

@peterk
Copy link

peterk commented Oct 8, 2024

Thank you for developing bagit! Would it be possible to help users determine the security of the bagit repo by looking into some of the practices in the openssf scorecard recommendations?
@acdha
Copy link
Member

acdha commented Oct 15, 2024

I guess my first question would be what benefit users would have for this. Nobody has asked for it and it's unclear to me that a project with no dependencies outside of the Python standard library would be a high priority for supply-chain monitoring.

@peterk
Copy link
Author

peterk commented Oct 27, 2024

Bagit is included in other build chains. Knowing that bagit follows some of the OpenSSF practices would make it easier to trust the project. I understand if it feels cumbersome to implement all of the practices but it would help me and others mitigate risk if some of the practices were implemented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peterk @acdha