Yea, "have an assurance case" is actually something that would check one of the Silver requirements
seph
04/07/2021, 3:23 PM
I want to love the bestpractices project, but I end up feeling like it’s some weird committee driven mishmash of mediocre ideas.
“have a roadmap extending a year” makes no real sense for any kind of core infra project. Like. what do you think apache’s roadmap is? “Keep working. Go faster. Works with standard bodies on http vwhatever”
Or “have a test suite that captures bugs found”. Like maaaaybe? That’s complicated. And depends on how subtle the bug is
I can rattle off several things it might be cool for osquery to do, but roadmap implies committed resources, and I don’t really feel like we have that.
And TBH I’m not sure it would benefit the project. Or even make it seem like we’re more active.
I dunno. It’s like some central planning vs democracy style argument
Mike Myers
04/07/2021, 3:27 PM
yea we can't plan a roadmap with a timeline because the funding/contribution isn't that predictable
it'd just end up with a lot of people asking when we're going to get done, is it done yet, is it done yet?
seph
04/07/2021, 3:28 PM
Yep
Mike Myers
04/07/2021, 3:30 PM
But if someone has the credentials to this site, we can honestly check more of these Gold tier boxes. https://bestpractices.coreinfrastructure.org/en/projects/3125?criteria_level=2#analysis
• at least two unassociated significant contributors
• include a copyright statement in each source file, identifying the copyright holder
• include a license statement in each source file.
• have at least 50% of all proposed modifications reviewed before release by a person other than the author
seph
04/07/2021, 3:31 PM
I have access. I’m not sure who else does. Either github owners or committers probably, so you might