Supply Chain Integrity, Transparency, and Trust
charter-ietf-scitt-01

I am trying to understand the use case. It seems to focus on a decentralized structure. Do the proponents mean that every part of the supply chain runs their own decentralized merkle tree? (in which case, does it really need to be a merkle tree). Or is this truly decentralized, in which case what is the incentive to keep running these nodes ?

The charter seems to still have some issues... not to the point of a BLOCK ballot though.

1/ the last T in SCITT (trust) does not often appear in the charter.

2/ the first line should also be clear that this is about the SW supply chain (I appreciate the added sentence in the first paragraph, but let's be clear even in the first sentence).

3/ "SCITT will initially focus on the software supply chain" is it "initially" or "only" ? Should the WG be rechartered to go beyond ?

4/ Unsure whether "The WG may refine the input document on the architecture in the process." sentence brings any value as it is implicit IMHO.

5/ it is very long...

Hope it helps

-éric

draft-birkholz-scitt-architecture-00 is mentioned as the starting point, but the current version is already -01.  If it needs to be mentioned, don't include the version.

Given that program of work includes work already covered in draft-birkholz-scitt-architecture, perhaps the first action of the WG should be its adoption (vs. it being specified as the starting point, even if the text does say that the "WG may refine the input document on the architecture in the process").

I believe it is better for a WG to reach consensus on the seed document than for it to be included in the charter.  It is not a blocking position, just food for thought.