Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
seph
04/07/2021, 2:52 PMRelatedly, there’s always a pile of stuff hanging around https://bestpractices.coreinfrastructure.org/en/projects/3125
m
Mike Myers
04/07/2021, 3:22 PMYea, "have an assurance case" is actually something that would check one of the Silver requirements
s
seph
04/07/2021, 3:23 PMI want to love the bestpractices project, but I end up feeling like it’s some weird committee driven mishmash of mediocre ideas.
“have a roadmap extending a year” makes no real sense for any kind of core infra project. Like. what do you think apache’s roadmap is? “Keep working. Go faster. Works with standard bodies on http vwhatever”
💯 1
Or “have a test suite that captures bugs found”. Like maaaaybe? That’s complicated. And depends on how subtle the bug is
m
Mike Myers
04/07/2021, 3:25 PMs
seph
04/07/2021, 3:26 PMI can rattle off several things it might be cool for osquery to do, But roadmap implies committed resources, and I don’t really feel like we have that,
And TBH I’m not sure it would benefit the project. Or even make it seem like we’re more active.
I dunno. it’s like some central planning vs democracy style argument
m
Mike Myers
04/07/2021, 3:27 PMyea we can't plan a roadmap with a timeline because the funding/contribution isn't that predictable
it'd just end up with a lot of people asking when we're going to get done, is it done yet, is it done yet?
s
seph
04/07/2021, 3:28 PMYep
m
Mike Myers
04/07/2021, 3:30 PMBut if someone has the credentials to this site, we can honestly check more of these Gold tier boxes. https://bestpractices.coreinfrastructure.org/en/projects/3125?criteria_level=2#analysis
• at least two unassociated significant contributors
• include a copyright statement in each source file, identifying the copyright holder
• include a license statement in each source file.
• have at least 50% of all proposed modifications reviewed before release by a person other than the author
s
seph
04/07/2021, 3:31 PMI have access. I’m not sure who else does. Either github owners or committers probably, so you might
Though I did just checky those
🆒 1