Please select a specific project below for more information about its status.
| Project | Status | Description |
|---|---|---|
| Developer Tools | In Progress (67%) | Specification, Library, Command Line Interface, etc. |
| WordPress Integration | Pending | Gossamer for WordPress themes/plugins |
| Composer Integration | Pending | Gossamer for PHP dependencies via Composer |
Gossamer Roadmap Overview
If you're interested, the History of Gossamer is contained on a separate page.
The ultimate goal of Gossamer is to ensure that PHP and WordPress developers can sign their open source software and verify that the dependencies they install from third-party developers are authentic.
When we have succeeded at securing the PHP ecosystem, we intend to assist other ecosystems (e.g. Java, Node.js, Python, Ruby) in securing their open source software supply chains.
Order of Operations
- Write a formal specification, threat model, and design document.
- Develop a stable PHP library that implements the design.
- Develop a client-side library and server-side API that speak the protocol.
- Build the integration tooling for existing ecosystems (in parallel):
  - Composer / Packagist
  - Any others in PHP untouched by the above two
- Build Virtual Machine labs for testing the ecosystem defenses.
- Victory lap!
- Reach out to other package management software teams.