Yea, "have an assurance case" is actually something that would check one of the Silver requirements
04/07/2021, 3:23 PM
I want to love the bestpractices project, but I end up feeling like it’s some weird committee-driven mishmash of mediocre ideas.
“have a roadmap extending a year” makes no real sense for any kind of core infra project. Like, what do you think Apache’s roadmap is? “Keep working. Go faster. Works with standard bodies on http vwhatever”
Or “have a test suite that captures bugs found”. Like maaaaybe? That’s complicated. And depends on how subtle the bug is
I can rattle off several things it might be cool for osquery to do, but roadmap implies committed resources, and I don’t really feel like we have that.
And TBH I’m not sure it would benefit the project. Or even make it seem like we’re more active.
I dunno. It’s like some central planning vs democracy style argument
04/07/2021, 3:27 PM
yea we can't plan a roadmap with a timeline because the funding/contribution isn't that predictable
it'd just end up with a lot of people asking when we're going to get done, is it done yet, is it done yet?
04/07/2021, 3:28 PM
04/07/2021, 3:30 PM
But if someone has the credentials to this site, we can honestly check more of these Gold tier boxes. https://bestpractices.coreinfrastructure.org/en/projects/3125?criteria_level=2#analysis
• at least two unassociated significant contributors
• include a copyright statement in each source file, identifying the copyright holder
• include a license statement in each source file.
• have at least 50% of all proposed modifications reviewed before release by a person other than the author
04/07/2021, 3:31 PM
I have access. I’m not sure who else does. Either GitHub owners or committers probably, so you might