David A. Wheeler

Results 557 comments of David A. Wheeler

The problem is space. I could add an icon (like "thumbs-up" or "check") to its right, but since people are typing in code, space is already at a premium (ESPECIALLY...

I've gotten a lot of "please don't", so I'll quietly close this :-).

We now have https://bp.openssf.org working. The DNS is set up, TLS is working and enforced, and the pages in /docs are automatically regenerated whenever the markdown is merged into the...

> create a publishing process of some kind to publish these guides on openssf.org rather than in github directories. Two quick clarifications: 1. We'll still *edit* these guides on GitHub....

NB: The "bp.openssf.org" domain is no longer available. Stay tuned for the all-new "best.openssf.org" domain! See: https://github.com/ossf/wg-best-practices-os-developers/issues/162

Note: The ".html" suffix will be *optional* (unless we change our configuration). So once best.openssf.org is working with TLS, we can use these links:

* https://best.openssf.org/Concise-Guide-for-Developing-More-Secure-Software
* https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software

We've now done this for the concise guides. Now we can discuss if this is a template we should follow.

It can become a security risk, because an incompatible license change sometimes means you can't upgrade AND there's no useful alternative. As a result, when (not if) a vulnerability is...

As noted in [Open Source is Bigger than You can Imagine](https://anchore.com/blog/open-source-is-bigger-than-you-imagine/), there are a *huge* number of OSS projects (including important projects) that have exactly one maintainer. There are a...

By the way, people sometimes complain that "OSS doesn't get enough funding", yet I personally think this is an opportunity to help. US government, if you want a self-attestation, that's...