You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tasks related to content production, publication, community coordination, social media and other outreach efforts. Also, managing and keeping the CPANSec web presence up-to-date and useful, and integration with existing websites and services like MetaCPAN.
Establishing a trusted publishing infrastructure, including tooling and integration with https://in-toto.io/ and SLSA, and required Authentication regimes
Tooling for external (third-party) monitoring of updates to ecosystem packages, and tooling for fist-party integrity checking of metadata (e.g. sigstore or sigsum). See also https://transparency.dev
Develop tooling for publishing and applying third-party security patches to CPAN distributions that have non-responsive authors, to enable high-priority updates to CPAN packages.
For assisting, tracking and responding to legal and privacy issues around CPAN metadata, including compliance with GDPR, NIS2 and other relevant regulations
CPAN Security Group