in reply to Software Bill of Materials (SBOM) in Perl and CPAN

Apart from the talk Salve gave, I remember a connected one from Renee Bäcker at the last GPW, which rather centered around security against malicious software in CPAN.

But the article you linked to seems to be centered around guaranteeing the supply.

These are two very different beasts: the one centers around getting software running, the other one around hardening the dependency chain against manipulation.

Could you please elaborate where your focus is?

Cheers Rolf
(addicted to the Perl Programming Language :)
see Wikisyntax for the Monastery


Re^2: Software Bill of Materials (SBOM) in Perl and CPAN
by mldvx4 (Friar) on Sep 03, 2024 at 18:08 UTC
    Could you please elaborate where your focus is?

    LanX accurately identified my post as a general question. In that context, I am more interested in the ongoing ability for US federal departments and agencies to continue their ability to use Perl and CPAN. These kinds of regulations have a tendency to spread throughout whole administrations over time. So it is a question of maintaining supply. But I have no dog in this fight, at least not directly.