From e4ead3726b641d92070484ada1a6f50474158b2b Mon Sep 17 00:00:00 2001 From: Juan <137221298+jrico-eclipse@users.noreply.github.com> Date: Thu, 29 May 2025 11:30:25 +0200 Subject: [PATCH 1/2] Update README.md Signed-off-by: Juan <137221298+jrico-eclipse@users.noreply.github.com> --- profile/README.md | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/profile/README.md b/profile/README.md index daace70..3617092 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -12,26 +12,56 @@ The ORC WG main focus today is on supporting the open source community in develo - **[CRA Hub](https://github.com/orcwg/cra-hub)** - Want an overview of our CRA-related work? This is the place to do it. ## How to contribute +### Step 1 - Stay up to date by joining our meetings and communication channels - **Join our calls**. Our [meetings](https://github.com/orcwg/orcwg/blob/main/MEETINGS.md) are public and open to all. ([iCal format](https://calendar.google.com/calendar/ical/c_7db8e3f13c4fac984103918a97c704bb1d619da0fdb66d33f1747849b6020aea%40group.calendar.google.com/public/basic.ics)) - **Subscribe to our [mailing List](https://accounts.eclipse.org/mailing-list/open-regulatory-compliance)** ([Archive](https://www.eclipse.org/lists/open-regulatory-compliance/maillist.html)) - **Join our [Slack](https://orcwg.slack.com/) channel** ([Request invitation](https://join.slack.com/t/orcwg/shared_invite/zt-2vi7gi5ad-re2b35i95ar3WaVF2zoZaA)) -Some key ongoing activities in which you can engage with us: +### Step 2 - Participate in our ongoing activities. +- **White paper on Open Source project types** - Find the details [here](https://github.com/orcwg/cra-hub/tree/project-types/white-papers/project-types) and the Contributing Guidelines [here](link to be added) +- **Vulnerability Management Task Force** - Check its objectives [here](). If you are ready to join and contribute check [here]() how to do it. +### Step 3 - Prepare for what is coming +- Check the [**Deliverable Plan**](https://github.com/orcwg/orcwg/blob/main/cyber-resilience-sig/deliverables.md#deliverables-plan) and get ready to contribute to them. + +## The CRA FAQ +The CRA FAQ is a community effort for clarifying parts of the CRA text and related obligations in regards to how the Open Source Community is impacted. +### Contribute to the FAQ +Contributing the FAQ is fairly easy, just follow this flow +```mermaid +flowchart TD + + B[Open the CRA FAQ Project ] + C[Do you have a question?] 
+ + D1[Browse the repo to see if your question is already listed] + D2[Is your question in the list?] + E1[Join the existing conversation] + E2[Do you have additional insights?] + F1[Contribute to the discussion] + F2[Learn from the community's shared knowledge] + + G[Add a new issue with your question and tag it by category] + + B --> C + C -->|Yes| D1 --> D2 + D2 -->|Yes| E1 --> E2 + E2 -->|Yes| F1 + E2 -->|No| F2 + D2 -->|No| G + C -->|No| F2 +``` ### I'm a developer/maintainer in an open source project - Here you have a few pointers that can help you in your work towards compliance: - [CRA FAQs for maintainers](https://github.com/orcwg/cra-hub/blob/main/faq.md#maintainers) - [CRA FAQs open conversations for maintainers](https://github.com/orgs/orcwg/projects/7/views/2) - - [Vulnerability handling specification](https://github.com/orcwg/vulnerability-management-spec) - we'd like to have you contributing to this specification. **This is the first obligation under the CRA**. ### I work for an OSPO - Specific actions for - [CRA FAQs for manufacturers](https://github.com/orcwg/cra-hub/blob/main/faq.md#manufacturers) - [CRA FAQs open conversations for manufacturers](https://github.com/orgs/orcwg/projects/7/views/4) - - Attestation programs, SBOMs, due diligence for manufacturers… there are multiple [deliverables](https://github.com/orcwg/orcwg/tree/main/cyber-resilience-sig#deliverables) waiting for your contributions. ### I work for a Steward - [CRA FAQs for Stewards](https://github.com/orcwg/cra-hub/blob/main/faq.md#open-source-software-stewards) - [CRA FAQs open conversations for stewards](https://github.com/orgs/orcwg/projects/7/views/3) -- [Vulnerability handling specification](https://github.com/orcwg/vulnerability-management-spec) - Contribute and stay up to date. **This is the first obligation under the CRA** From 4d8b04e5bbeb9d4395447a98a7c246623ebf94bf Mon Sep 17 00:00:00 2001 
From: Juan <137221298+jrico-eclipse@users.noreply.github.com> Date: Thu, 29 May 2025 17:42:45 +0200 Subject: [PATCH 2/2] Removing the graph It was super confusing there Signed-off-by: Juan <137221298+jrico-eclipse@users.noreply.github.com> --- profile/README.md | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/profile/README.md b/profile/README.md index 3617092..0217e11 100644 --- a/profile/README.md +++ b/profile/README.md @@ -26,31 +26,7 @@ The ORC WG main focus today is on supporting the open source community in develo ## The CRA FAQ The CRA FAQ is a community effort for clarifying parts of the CRA text and related obligations in regards to how the Open Source Community is impacted. -### Contribute to the FAQ -Contributing the FAQ is fairly easy, just follow this flow -```mermaid -flowchart TD - - B[Open the CRA FAQ Project ] - C[Do you have a question?] - D1[Browse the repo to see if your question is already listed] - D2[Is your question in the list?] - E1[Join the existing conversation] - E2[Do you have additional insights?] - F1[Contribute to the discussion] - F2[Learn from the community's shared knowledge] - - G[Add a new issue with your question and tag it by category] - - B --> C - C -->|Yes| D1 --> D2 - D2 -->|Yes| E1 --> E2 - E2 -->|Yes| F1 - E2 -->|No| F2 - D2 -->|No| G - C -->|No| F2 -``` ### I'm a developer/maintainer in an open source project - Here you have a few pointers that can help you in your work towards compliance: - [CRA FAQs for maintainers](https://github.com/orcwg/cra-hub/blob/main/faq.md#maintainers)
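Review bot: The Step 2 bullets added in PATCH 1/2 ship with unresolved link targets: `[here](link to be added)` for the Contributing Guidelines and two empty `[here]()` links for the Vulnerability Management Task Force, so readers get broken links. The same hunk removes the Vulnerability handling specification links, along with the "This is the first obligation under the CRA" pointer, from the maintainer and steward sections, so in the lines shown no working link to the vulnerability handling work remains. Either fill in the targets before merging or keep the existing specification links until the Task Force pages exist. Minor points: "Contributing the FAQ" should read "Contributing to the FAQ", and the new `## The CRA FAQ` heading sits directly above the `### I'm a developer/maintainer ...` sections, which makes the audience sections children of the FAQ heading instead of "How to contribute".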
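Review bot: PATCH 2/2 deletes the `### Contribute to the FAQ` subsection together with the flowchart, which leaves `## The CRA FAQ` with a one-sentence description and no instruction or link for contributing. If the diagram was confusing, replace it with a short text version of the same flow (check whether the question is already listed, join the existing conversation, otherwise add a new issue tagged by category) instead of dropping the guidance. The commit message should also say what was confusing, and since the graph was only introduced in PATCH 1/2 of the same series, squashing the two patches would avoid adding and then removing the same 24 lines in history.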