Most of the biggest repositories already cooperate through the OpenSSF[0]. Last time I was involved in it, there were representatives from npm, PyPI, Maven Central, Crates and RubyGems. There's also been funding through OpenSSF's Alpha-Omega program for a bunch of work across multiple ecosystems[1], including repos.

[0] https://github.com/ossf/wg-securing-software-repos
[1] https://alpha-omega.dev/grants/grantrecipients/