David A. Wheeler
David A. Wheeler
The [CII Best Practices Badge program "BadgeApp"](https://github.com/linuxfoundation/cii-best-practices-badge) uses this - thank you! You might want to modify your README to document how someone might use bad-passwords in other systems. The...
We want to move to Rails 7, and simultaneously migrate from attr_encrypted to Rails 7's built-in encryption system. In general we try to minimize our dependencies, and attr_encrypted's support seems...
In the (further future), allow users to 'subscribe' to projects so that they are notified when the badge changes state. I don't think we need that in the nearer term.
Implement rename CII->OpenSSF in the logo. We'll need a graphics artist. LF has a graphics group, they might be able to help. We'll need to decide what it should look...
This changes .ruby-version and the dockerfile. There are still steps to be done. I have not yet managed to post the updated container image. Instead I get this error: ~~~~...
We have *never* required that projects conduct their activities in any particular natural language, and of course we have localized the BadgeApp external interface to a variety of languages. However,...
If someone adds a GitHub repo that's private, we handle it correctly externally but through exception handlers. This creates absurdly long log entries like this: > Jan 01 22:20:13 production-bestpractices...
The main site is currently at: bestpractices.coreinfrastructure.org Which doesn't make sense because the CII no longer exists. We already renamed the project per this: , now we need to rename...
When running the test suite we see deprecation warnings; we need to fix them. The warnings are: ~~~~ WARNING: `Faraday::Connection#basic_auth` is deprecated; it will be removed in version 2.0. While...
Document that if we modify the badgeapp to fix weakneses / vulns, we'll follow SECOM Convention https://tqrg.github.io/sec-commits/