A potential best practice 4 messages
Hi, Someone pointed me to this list of projects which maintain a list of "easy bugs" for beginners to work on, so that they can gain experience with contributing to the project: https://openhatch.org/
By Emily Ratliff

we should talk to / work with TODO Group 2 messages
Hi! We should talk with the TODO Group about their input on best practices for running an open source project. TODO is a roundtable of Open Source Program Offices, and as such has a lot of experience
By Atwood, Mark

Require tests for major feature editions? (Issue #2)
In pull request #1, Greg KH made this suggestion for a criterion: "Tests for major feature additions as without some kind of test being present, it's hard to verify if something new even works. This i
By David A. Wheeler

Prevent privacy being unintentionally leaked 8 messages
I would like to suggest not only the intrinsic value of privacy but that leaking data poses unique security challenges, therefore protecting user privacy is a valuable piece of criteria that ought to
By Mike S

Current authentication plans
An important issue is how to handle authentication. Below is our current plan, which may change (suggestions welcome). --- David A. Wheeler
By David A. Wheeler

certification -vs- guide 8 messages
Dear David and List, The current criteria (v 0.0.4) includes best practices on both quality and security. It sets requirements for a (self) certification program, but also gives recommendations and de
By Enos

BadgeApp: Proposed table field implementation approach 2 messages
Here's a technical approach for implementing the "BadgeApp" application that I think would be useful. The goal is to make the application DRY by generating the form directly from the criteria text. Th
By David A. Wheeler

certification -vs- guide 4 messages
Wheeler, David A wrote >> [...] I suggest to deliberately ignore technical difficulties [...] > > If the bar is set too high, most projects will not try. > [...] > It really will be a challenge to avo
By Enos

Good stuff - Criteria! 5 messages
Trevor Vaughan and Bob Basques recently posted some comments about OSS badges and their criteria on a different mailing list. Their comments are reposted below. I have asked them to further discuss th
By David A. Wheeler

Proposals for precise rating and optional badges 3 messages
Dear David and list, I glued together some existing ideas and came up with two proposals, for implementing respectively precise rating and optional badges. Since at the moment this is not a priority,
By Enos

Git and tags
Hi All, Just going through another round of edits and I came across the following criterion. 'It is RECOMMENDED that git users apply tags to releases'. I'm not familiar with version control software,
By Alton Blom

Vulns criticality 5 messages
Hi All, The phrase 'A vulnerability is medium to high severity if its CVSS 2.0 base score is 4 or higher.' is used multiple times throughout the criteria. I've got a few ideas we could use to reduce t
By Alton Blom

Brainstorming: additional topics for the criteria 6 messages
Dear David and list, I came up with this list of proposed requirements and recommendations to be added to the current criteria. I would suggest only extracting or discussing valuable material (if anyt
By Enos

Revoking badges if there are "too many" vulnerabilities 4 messages
First, a recap. Enos proposed: > VULNERABILITIES > Do not only measure efforts but also results: if too many > vulnerabilities are discovered (e.g. total CVSS points per number of > lines of code in a
By David A. Wheeler

Feedback on current criteria 3 messages
Hi All, Been lurking for a few weeks, but enjoying the conversation. It’s REALLY nice to see some organized effort around the topic of best practices and code quality. As someone that has focused heav
By Sean

Press 2 messages
Yay! there's a line about the badge (accreditation) project in this article .... http://www.techweekeurope.co.uk/security/security-management/linux-foundation-open-source-security-2-178653 "The CII al
By Alton Blom

links to project 2 messages
hi everyone, looks like there's a lot of activity at the moment, there is currently a link on readme.md for the BadgeApp Implementation notes. I see that we now have the flair / badge on readme.md. Is
By Alton Blom

Style Guidelines
Hi David, I noticed that coding style guidelines are only a SHOULD. Colin Percival did an experiment with FreeBSD where he divided the code into 50% stylish / 50% not-stylish based on the code's consi
By Emily Ratliff

Naming current & future badging levels 2 messages
Here’s where I *think* we are going in terms of naming levels. First, the small badge (to show on GitHub, etc.) will show "cii best practices" - all lower case. Dan made the interesting observation th
By David A. Wheeler

The welcome mat is out!
There have been a number of code-level changes recently, including ones that I hope will make it easier for others to get involved. I documented in doc/INSTALL.md the steps to install a development en
By David A. Wheeler