European laws have come a-knocking to Open Source "supply chains".

From now on, volunteers are expected to step up and make new metadata available across projects and communities, and open the doors for populating new SBOM objects so we can track all kinds of parameters along these "chains," across ecosystem boundaries, and well into the back-rooms of businesses.

The goals are good. The problem space seems daunting. How does one even start to approach this mountain of madness?

In this talk, Salve J. Nilsen will summarize the CPAN perspective – The Comprehensive Perl Archive Network has been around since 1995, and with much history embedded in its bones, has over the decades shown it is a dependable partner for developers. But with the establishing of the CPAN Security Working Group, changes are looming. Let's share some thoughts and ideas, and explore the problem space together!