Title
#core
s

seph

04/07/2021, 2:52 PM
Relatedly, there’s always a pile of stuff hanging around https://bestpractices.coreinfrastructure.org/en/projects/3125
Mike Myers

Mike Myers

04/07/2021, 3:22 PM
Yea, "have an assurance case" is actually something that would check one of the Silver requirements
s

seph

04/07/2021, 3:23 PM
I want to love the bestpractices project, but I end up feeling like it’s some weird committee driven mishmash of mediocre ideas.
3:23 PM
“have a roadmap extending a year” makes no real sense for any kind of core infra project. Like. what do you think apache’s roadmap is? “Keep working. Go faster. Works with standard bodies on http vwhatever”
3:24 PM
Or “have a test suite that captures bugs found”. Like maaaaybe? That’s complicated. And depends on how subtle the bug is
s

seph

04/07/2021, 3:26 PM
I can rattle off several things it might be cool for osquery to do, But roadmap implies committed resources, and I don’t really feel like we have that, And TBH I’m not sure it would benefit the project. Or even make it seem like we’re more active. I dunno. it’s like some central planning vs democracy style argument
Mike Myers

Mike Myers

04/07/2021, 3:27 PM
yea we can't plan a roadmap with a timeline because the funding/contribution isn't that predictable
3:27 PM
it'd just end up with a lot of people asking when we're going to get done, is it done yet, is it done yet?
s

seph

04/07/2021, 3:28 PM
Yep
Mike Myers

Mike Myers

04/07/2021, 3:30 PM
But if someone has the credentials to this site, we can honestly check more of these Gold tier boxes. https://bestpractices.coreinfrastructure.org/en/projects/3125?criteria_level=2#analysis • at least two unassociated significant contributors • include a copyright statement in each source file, identifying the copyright holder • include a license statement in each source file. • have at least 50% of all proposed modifications reviewed before release by a person other than the author
s

seph

04/07/2021, 3:31 PM
I have access. I’m not sure who else does. Either github owners or committers probably, so you might
3:35 PM
Though I did just checky those