Discuss OpenChain and ISO compliance #870

Open
@jenstroeger

The OpenChain project maintains two ISO standards related to software supply chains (ISO/IEC 5230 and ISO/IEC 18974); for more context, see also "Transforming the Supply Chain with Openchain".

I’ve not yet noodled through these sources thoroughly and in depth, but I wanted to start a discussion on whether it would make sense for Macaron to provide a set of policies that check for compliance. In other words: if a package passes those policies, it would comply with the OpenChain & ISO requirements.

Labels

Policy: A policy provides rules to verify a property.
checks: The issues related to Macaron checks