Ian Dunbar-Hall
+1. As a relative newcomer to the project, I've been really impressed by the maintainers and community. Absolutely supportive of project graduation!
Thoughts @joshbressers if there is value in this being a future SBOM Everywhere SIG discussion topic?
Here is the specific quote that is causing us some issues for some prototyping tied to the Security Tooling WG. > It is expected that the initial code or specification developed...
Totally agree with the concern about adding additional "official" stages. But even without a defined "pre-sandbox" stage in the OpenSSF project lifecycle, projects will always pass through a "pre-sandbox" stage....
A new organization called `bomctl` for existing capability to be consolidated into a single project. - https://github.com/bomctl/bomctl
For those that would like to participate in a working meeting to work the requirements and consolidation, [this doodle](https://doodle.com/meeting/participate/id/boAk0mKe) was created to capture a time to meet.
@Charley-Mann @Starefossen We're also good from our side, and I know several of the public sector usergroup member organizations are interested in participating. We have a public sector user group...
@idvoretskyi Thanks for bringing the topic up. I'd be curious what others think. My point of view is to remain public for the reasons outlined below. > Sensitive Data Concerns:...
I think it's a great idea. There already is some existing work in this area for binary authorization attestation and expanding it to include in-toto makes sense. - https://github.com/ossf/scorecard/tree/main/attestor
I'm in support of creating this SIG