[Proposal] [Supply Chain Security] [Compromises Catalog] not-a-compromise.md #1348

Open
1 of 19 tasks
zerb4t opened this issue Aug 15, 2024 · 0 comments
Labels
proposal common precursor to project, for discussion & scoping supplychain triage-required Requires triage

zerb4t commented Aug 15, 2024

Description: Maintain a list of incidents that were assessed but do not meet the definition of a software supply chain security compromise

Impact: It helps the industry and the community be precise in their definition of software supply chain security compromises by describing prime examples that are NOT a software supply chain security compromise, regardless of their impact and visibility

Scope: A new append-only Markdown file under supply-chain-security/compromises called not-a-compromise.md with a very simple structure: year, URL(s), and a description of why it doesn't meet the definition.

Intent to lead:

  • I volunteer to be a project lead on this proposal if the community is
    interested in pursuing this work. This statement of intent does not
    preclude others from co-leading or becoming lead in my stead.

Proposal to Project:

This proposal is being raised on GitHub Issues.

  • Added to the planned meeting template for mm dd
  • Raised in a Security TAG meeting to determine interest - mm dd
  • Collaborators comment on the issue to determine interest and nominate a
    project lead
  • Scope determined via meeting mm dd and/or shared document add link
    with call for participation in #tag-security slack channel thread add link
    and mailing list email add link
  • Scope presented to Security TAG leadership and Sponsor is assigned

TO DO

Happy to take the discussion to the appropriate forum, but planning for that to be GitHub Issues for now. I intend to follow up with a PR bootstrapping this idea.

  • Security TAG Leadership Representative:
  • Project leader(s):
  • Issue is assigned to project leaders and Security TAG Leadership
    Representative
  • Project Members:
  • Fill in additional TODO items here so the project team and community can
    see progress!
  • Scope
  • Deliverable(s)
  • Project Schedule
  • Slack Channel (as needed)
  • Meeting Time & Day:
  • Meeting Notes (link)
  • Meeting Details (zoom or hangouts link)
  • Retrospective