Rbowen
Three talks in to #fossbackstage, and I feel like each one has given me reasons to rewrite portions of my own talk. Lots to think about.
Mar 16 at 11:34amMastodon for Android
Show threadFOSS BackstageMar 16
@rbowen happy to hear that it has been inspiring so far!
Show threadJan AinaliMar 16
@rbowen Some great talks indeed! I won't rewrite my talk, but I definitely need to refer to some excellent points being made in the talks I heard this morning. #fossback
Show threadMaineCMar 16
@rbowen love hearing that! Glad the talks provide valuable new insight!
Show threadGuilherme DellagustinMar 19
Hey @rbowen , thank you for the talk. Regarding keeping records of a fork's provenance, for e.g. SBOM generation, vulnerability management, etc... have you found some industry standard for that?
At SAP we came up with one, after we did not find prior art, you may be interested in that: https://github.com/SAP/fork-metadata-standard
Although the documentation states it aims at internal forks, I think that could address similar problems for public forks as well.
GitHub - SAP/fork-metadata-standard: The Fork Metadata Standard (FMS) defines a structured, platform-agnostic format for documenting the origin of a forked open-source project.

The Fork Metadata Standard (FMS) defines a structured, platform-agnostic format for documenting the origin of a forked open-source project. - SAP/fork-metadata-standard

GitHub