@timlegge - Intends to join next PSC meeting to check progress
@stigtsp - how will certs be handled? Also, let’s get cryptographic primitives and secure RNG into core at the same time. @stigtsp will create tickets on https://github.com/Perl/perl5/issues (with optional help from @tux)
German Sovereign Tech fund
@garu applied for funding! Let’s hope this goes well. @oalders too!
@garu and @sjn to create a roadmap for SBOM implementation
@garu also interested in adding cpansa to OSV
Ongoing vulnerabilities
@stigtsp - investigating one possible upcoming issue
Secure by Default
@stigtsp - not much movement; PRs and updates to current efforts (cpanm and mojo) have been submitted; we’re hoping for their maintainers to resolve the issues raised in these.
@garu - Let’s remember to update relevant CVEs and issue recommendations for tooling use.
@charsbar is working on MFA for PAUSE! We wish him success in his work.
Eclipse ORC WG
@sjn - Almost no progress in the WG. Exploring options.
Perl Toolchain Summit 2025
@garu - invitations have begun
@stigtsp, @sjn - looking for new candidates to invite: Rob would be a good candidate
@tux (first wave) will put @stigtsp, @sjn, and @timlegge on the invite list for the second wave
CycloneDX 1.7 Sustainability fields
@sjn - ongoing
CPAN Meta Requirements and PURLs
@sjn - stalled
POSIX::2008 vulnerabilities
@stigtsp - No movement. Need to create CVEs for https://github.com/briandfoy/cpan-security-advisory/blob/master/cpansa/CPANSA-POSIX-2008.yml
SBOM/Supply Chain
@sjn - Talked about metadata at LPW; slides published; talk expected to be repeated at the NUUG meeting in November, and possibly at FOSDEM.
@stigtsp - happy with sjn’s talk!
CNA Update
@timlegge - Review information to be submitted for CNA