ossf / wg-securing-critical-projects

Helping allocate resources to secure the critical open source projects we all depend on.
Apache License 2.0
318 stars, 34 forks

Consider adding the software described in OIN's Linux System table #40

Open bureado opened 2 years ago

bureado commented 2 years ago

The software in the OIN Linux System definition is described in a series of tables. Those tables can be browsed by technology area:

https://openinventionnetwork.com/linux-system-definition/table-10/breakdowns/originating-project/

Fun fact, Steve Winslow has published a table parser that outputs SPDX: https://github.com/swinslow/spdx-oin

Do we believe that inclusion in the OIN Linux System definition warrants defining a project as critical?

hyandell commented 2 years ago

I think that inclusion is a first step filter on critical.

i.e. if we had 5 levels, the OIN process is identifying at least a 3, but different packages may be 4 or 5. Then over time a project may EOL/depreciate in popularity and drop to a 1.