opensearch-project / .github

Provides templates and resources for other OpenSearch project repositories.
Apache License 2.0

[PROPOSAL] Obtain OpenSSF Best Practices Passing Badge #93

Open davidlago opened 1 year ago

davidlago commented 1 year ago

What/Why

What are you proposing?

Let's earn the OpenSSF Best Practices Passing Badge! CII Best Practices

“A CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found.” – David A. Wheeler, Director of Open Source Supply Chain Security. See full article.

References

davidlago commented 1 year ago

I'm starting to go through the questionnaire. I will create sub-issues for each one of the criteria we might not be meeting in order to address (or eventually close this if we are in a passing state, and submit a PR to add the badge to our repo's README).

davidlago commented 1 year ago

Now that #94 has been closed, time to revisit the form and see if we can get that badge!

davidlago commented 1 year ago

Related paper: PREPRINT: Do OpenSSF Scorecard Practices Contribute to Fewer Vulnerabilities?