Relatedly, there’s always a pile of stuff hanging around https://bestpractices.coreinfrastructure.org/en/projects/3125

Yea, "have an assurance case" is actually something that would check one of the Silver requirements

I want to love the bestpractices project, but I end up feeling like it’s some weird committee driven mishmash of mediocre ideas.

osquery roadmap 1.heic,osquery roadmap 2.heic,osquery roadmap 3.heic

I can rattle off several things it might be cool for osquery to do, But roadmap implies committed resources, and I don’t really feel like we have that, And TBH I’m not sure it would benefit the project. Or even make it seem like we’re more active. I dunno. it’s like some central planning vs democracy style argument

yea we can't plan a roadmap with a timeline because the funding/contribution isn't that predictable

Yep

But if someone has the credentials to this site, we can honestly check more of these Gold tier boxes. https://bestpractices.coreinfrastructure.org/en/projects/3125?criteria_level=2#analysis • at least two unassociated significant contributors • include a copyright statement in each source file, identifying the copyright holder • include a license statement in each source file. • have at least 50% of all proposed modifications reviewed before release by a person other than the author

I have access. I’m not sure who else does. Either github owners or committers probably, so you might