[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Meetup at CD Summit / KubeCon

Hi everyone,


Several of us will be in San Diego next week (Nov 18 – 21) for CD Summit / KubeCon. I would like to find a 3 hour block of time to meet (physically and virtually) for discussion and planning. For this 3-hour meeting, I would like to broaden the conversation from SBOM to the overall software supply chain ecosystem including the following:


  • Artifact signing - how do producers sign artifacts, and distribute, revoke and replace keys?
  • Artifact metadata repositories – how do producers allow queries and updates of the artifacts and SBOMS they provide?
  • Artifact policy - how do consumers specify which artifacts they allow?
  • Artifact enforcement - how do consumers enforce policies on artifacts entering their ecosystems?


I am working with the Marriot Marquis to secure a room for the meeting.  Here are some tentative times:


  • Monday 11/18
    • 5-8 PM
  • Thursday 11/21
    • 9-Noon
    • 1-4 PM
    • 5-8 PM


Please reply (to me) with the following:


  1. Are you interested in participating in these discussions?
  2. Will you be at CD Summit / KubeCon?
  3. Do you have a preference for any of the above dates and times?


I will create a separate email thread with interested folks.