I improved the OpenHub profile by adding the Mercurial repo (it's finishing to analyze it)... https://www.openhub.net/p/dropbear 2017-09-15 17:15 GMT+02:00 timofonic timofonic

I reactivated it on OpenHub https://www.openhub.net/p/zlib 2017-09-15 17:31 GMT+02:00 timofonic timofonic <timofonic@...>:

I forgot to mention this email idea born from the following GitHub issue tracker: https://github.com/madler/zlib/issues/299 2017-09-15 16:58 GMT+02:00 timofonic timofonic <timofonic@...>:

Hello. Here's a proposal to the census: Dropbear Website (90s design, but it seems effective despite not having an own domain): https://matt.ucc.asn.au/dropbear/dropbear.html Contributors: Mostly

Hello. Here's a proposal to the census: zlib Website (90s design, does it count as site?): http://zlib.net Contributors: Only Madler (the famous Mark Adler from JPI's NASA) since 2013. Before that,

Kit: On Jan 28, 2016, at 8:51 AM, Emily Ratliff <eratliff@...> wrote: Actually, ntp was identified as a risky program. The more detailed paper D-5459 has more info that you (Kit) may

I had to look up 'OG'. :-) Always good to learn new lingo. Absolutely agree with your sentiment. As projects mature and grow larger, the barriers to entry also grow larger in that the amount of

Thanks for the update Emily. Yeah, some of these ‘OG’ projects are tough to track for sure. :) Perhaps that is why they are less popular? Kit

This is likely a quirk in the data. CII does fund the NTP project for ongoing maintenance work (part-time - the project certainly could use additional funding). They don't use the github repository as

as an aside, from Kit: The NTP problem is really bugging me. Not even recognized as a top-10 ‘risk’ as defined by the CII Census (https://www.coreinfrastructure.org/programs/census-project) with

as an aside, from Kit: The NTP problem is really bugging me. Not even recognized as a top-10 ‘risk’ as defined by the CII Census (https://www.coreinfrastructure.org/programs/census-project) with

Sebastian Benthall: The title of the supporting paper gives that away: "Open Source Software Projects Needing Security Investments". The CII project was started, in part, as a response to the

Glad to! I see. That makes sense. One thing I'm trying to get a sense of (and I still need to read the paper very thoroughly to find out) is what exactly the "risk" you a measuring is risk of. That

Sebastian Benthall: Thanks! We run this as an open source software project - if you have an idea for an improvement, please propose it via pull request, issue tracker, or mailing list. A serious

Hello! Thanks for inviting me to participate in this project. At Selection Pressure, we are looking at ways to incorporate project risk measurements into one of our products. The CII Census looks like

Hello PaX Team, Spender, After spending a few weeks meditating on this thread and its responses, it strikes me that the best thing to do might be to, in fact, apply to the CII. The initial discussion

Seems like there are a number of thoughts, and a general consensus that grsecurity is useful and used and deserves support. Cool! OK. What's missing is a proposal, tying funding to specific outcomes.

I'm pretty far from the kernel development community. I know the generalities we've seen in this threat about different communities attitudes about mainlining, and I understand that pretty much

I believe I may not have communicated my thoughts as clearly as I should have, so I'll attempt to clarify :-) First, it's absolutely true that long-term viability is a component of funding decisions.

On 21 Aug 2015 at 18:19, Kevin P. Fleming (BLOOMBERG/ 731 LEX) wrote: Hi Kevin, first of all, thanks for your detailed response and new information that I was not aware of. However as much as it