Closed byjrack closed 3 years ago
I believe we asked a question about open source components within a product -- that is worded so that it includes commercial distributions.
The term "upstream" is supposed to differentiate between commercial vs "free" versions...
So, yes, direct use of OSS may trend down because of SaaS offerings, but I think the survey takes that into account.
Yeah I read that as self installed/managed (e.g. RHEL) vs something you might get as a Service (managed K8s node or serverless worker) but could just be my reading. But yeah if you think we can capture the role of a CSP in the composition I am game to close.
The CSP role is something I care about. Keeping it open for now and I'll circle back on this later.
Not actionable, so closing.
If we think "use" beyond what might be in the releasable artifact to be the infra that is running that work, this is not a new trend. What I think is interesting is we would pull in works to do some of this plumbing with license and security implications, but we are moving to a place where it is an opaque endpoint under commercial terms. How can we make sure that, even if we use a managed K8s service, the survey can reflect not just us using React, but also the CSP capabilities?
This has possible implications for declared/observed licensing for a work, attributions, and understanding your end-to-end supply chain.
I also think the ability to influence a project gets weird since your lens is a commercial distribution.
How can an OSPO include a commercial distribution on the end of an IP endpoint as part of our remit, as it is still open projects and standards at heart?