Re: Interest in ISO 27001 audit/certification for the Debian Project?

[Marc Haber <mh+debian-devel@zugschlus.de>]

On Tue, Nov 18, 2025 at 09:44:10AM +0000, Farruco wrote:
> TL;DR: Does Debian (via SPI) have plans or interest in pursuing ISO 27001
> certification for its development, maintenance, and operations? This
> could bolster assurance for users amid supply chain risks.

In my paid work, the work that I need to do do pay for housing and food, 
I have to jump through uncomfortable burning hoops. I have to present my 
ideas in front of committees full of people who don't have the knowledge 
or expertise to judge my ideas, but they still do. This has already 
taken the fun from my paid work 20 years ago.

As an unpaid volunteer, I do HATE the idea of the same hoops being 
placed inside Debian.

"Enterprise IT is like IT, just without the fun".

Going for this (or another) certification will take the fun out of 
Debian as well. Please don't. Debian doesn't need to sell anything.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421