I finally pushed enough off my plate and found time to finish filling out BRL-CAD's badging, which I’d started 6 months ago. Happy to be #8 in the list and 28th to get to 100%. Here’s a retrospective with feedback.
In all, it took about 3 interrupted hours total to gather, fact check, and write up responses for all fields. Probably would have taken an hour uninterrupted. Getting to 100% passing was relatively easy for BRL-CAD with only one MUST item arguably being unmet beforehand (our website certificate didn’t match our domain, fixed). The rest was mostly a matter of documentation and elaboration.
Here’s my top-7 critical feedback:
1) Despite so many fields, it’s too easy to (falsely) pass. Looking at others with 100%, I would challenge some of the subjective MUST responses, and expect to be challenged in kind. Incorporating 3rd-party review gating before achieving 100% passing would increase overall value.
2) Taking a position on distributed vs centralized version control is contemporary flamebait, both with merit and downsides. There are robust examples of both being perfectly viable, secure, and best practice. Popularity should have no bearing on recommendations.
3) Most of the SUGGESTED items devalue the badge through dilution. Some could graduate to SHOULD (e.g., those under Quality) while the remainder offer little to no value (as they have no bearing on the badge and only increase burden). I would recommend removing the non-Quality ones.
4) Private reports MUST … be privately reportable. N/A notwithstanding, I don’t see how this could ever be Unmet. If there’s no private reporting mechanism, private reports are de-facto not supported.
5) "Working build system” is not strictly defined (perhaps intentionally) but “working” is the more questionable part. Flaky open source compilation is the epitome of “works for me” ignorance. Nobody with a build system will say it’s not working.
6) Treating warnings as errors shouldn’t be a suggestion. Projects SHOULD be maximally strict, treating warnings as errors, with minimal exceptions (e.g., less than 1 exemption per 100 files). Frankly, I think it should be a MUST.
7) The “BadgeApp” title on individual badging pages make for a terrible title when sharing with others (e.g., via Facebook). Suggest something like “CII’s Best Practices Badge for $project_name"