Three talks in to #fossbackstage, and I feel like each one has given me reasons to rewrite portions of my own talk. Lots to think about.
Hey @rbowen, thank you for the talk. Regarding keeping records of a fork's provenance, e.g. for SBOM generation, vulnerability management, etc., have you found some industry standard for that?
At SAP we came up with one after we did not find prior art; you may be interested in that: https://github.com/SAP/fork-metadata-standard
Although the documentation states it aims at internal forks, I think that could address similar problems for public forks as well.
GitHub - SAP/fork-metadata-standard: The Fork Metadata Standard (FMS) defines a structured, platform-agnostic format for documenting the origin of a forked open-source project.
