Trusted Repo Security SIG Proposal

[afmarcum]

The Trusted Repository Security Initiative Task Force was created from roundtables at the Secure OSS Policy Summit in Washington D.C. in Sept. 2023 and would like to work as a SIG within the Supply Chain Integrity WG.

The proposal of the focus, intent, goals, and/or deliverables of the SIG is captured here.

Initial membership consists of @msilverman-fsisac, @AevaOnline and others, which meets the sandbox SIG requirements. Other interested parties include @jkjell and @hepwori.

The group is looking for the SCI WG to agree to be the governing body for the Trusted Repo Security SIG. If a vote is required, would the June 5, 2024 WG meeting provide enough time to review?

[ddmiket]

I would like to be added to the list of initial membership please. I helped edit the original proposal/goal document that led to this SIG.