Open JustinGOSSES opened 2 days ago
Quick note, the official abbreviation for the Open Source Security Foundation is "OpenSSF" not "OSSF".
When we cite specific items (e.g., to give credit), we of course include citations.
As far as a general cross-link, we tend to hesitate if it's a for-profit organization, but it appears this is a non-profit. I'll ask & see if we have some policy against it; I don't know of one, but that probably should be checked. We have a lot of contributing organizations & we don't want to be unfair to any.
Thanks for the quick response. I'll correct that acronym spelling on the InnerSource Commons side.
Yep, totally makes sense to check for existence of a cross-linking policy.
Hi! I want to get some feedback before submitting a PR. This is directed at the Source-Code-Best-Practices content.
The InnerSource Commons (ISC) is a foundation that "is a thriving community that empowers organizations and people worldwide to apply and gain the benefits of open collaboration in their internal work."
One of the recent projects of the ISC is content related to managing InnerSource at the program level, currently being integrated into a pre-existing GitBook. Part of that effort is guidance on source code management (SCM) for internal-only code platforms. Currently, only GitHub is covered but there's a GitLab version in the works. The SCM section in the GitBook has a link https://innersourcecommons.gitbook.io/managing-innersource-projects/innersource-tooling to the OSSF SCM guidance.
Would the ossf/wg-best-practices-os-developers repo be willing to cross link back to the ISC SCM guidance document as we have linked to yours? There's a lot of overlap between the two guidance docs but also different perspectives taken, which I think is valuable. While OSSF's guidance focuses on individual settings and seems to imagine a scenario where a single instance is used for both public facing code and internal code, ISC's guidance focuses on layering settings and imagines a scenario where a single instance is only used for internal code.
I could imagine the cross-link being placed either in the first paragraph of the OSSF SCM guidance, similar to what is done on the ISC side, or as an additional section at the bottom of the page after all the guidance that's titled "Other perspectives" or something similar.