Summary
The repository has an open PR #1579 that adds docs/openssf/*, but there is no issue tracking that documentation work.
Problem
Security and supply-chain expectations are easier to maintain when the project has an explicit record of which OpenSSF baseline practices it is targeting and how contributors can evaluate current status. Right now that effort is only visible in the PR itself.
Impact
Without a tracked issue, it is harder to:
- discuss which OpenSSF baseline levels are in scope for the project
- review the documentation as part of a broader security roadmap
- follow up on gaps between current practice and the documented baseline
Suggested scope
- add OpenSSF baseline documentation under docs/openssf/
- describe the intended level(s) and what is already satisfied vs still pending
- link the docs from the main contributor or security documentation entry points
Related work