Open
Description
The OpenChain project maintains two ISO standards related to software supply chains (ISO/IEC 5230 and ISO/IEC 18974), and for more context see also Transforming the Supply Chain with Openchain.
I’ve not yet noodled through these sources thoroughly and in depth, but I wanted to start a discussion on whether it would make sense for Macaron to provide a set of policies that check for compliance. In other words: if a package passes those policies, it would comply with the OpenChain & ISO requirements.