One Beyond Open Source Maintainers Meeting 2023-06-01
Use github alias
- Admins team: @onebeyond/admins
- Maintainers team: @onebeyond/maintainers
- Ulises Gascon: @ulisesgascon
- Íñigo Marquínez Prado: @inigomarquinez
- Àlex Serra: @Bounteous17
- Carlos Serrano: @carpasse
- Nick Skliar-Davies: @nickskliar-davies
Review Scorecard results
FEATURE: Open Source manifesto
- See #84
- Draft sent and expected to be closed this week and open a PR so any employee can sign it. It will be available in the maintainers web.
- See #82
- Ulises added an extension but we still need to add some additional information with a TODO / checklist that a project needs to achieve to reach that tier. We still need a lot of fine grain details with good examples or references. But this is a great starting point.
GitHub new features (Roadmap and tasklist)
- See #65
- License checker and cuckoo will be used as MVP
- We will need to add documentation/guide to explain how to build a roadmap
- Roadmaps can focus on Quarter objectives or release features, depending on the team preferences
- Another advantage is that having a roadmap may attract people from inside and outside the organization so they know how they can get involved.
FEATURE: Release drafter
- See #58
- Iñigo developed this POC and performed a demo to the team.
- We'll test it in a real repo (license-checker) and in a mono-repo (Ulises offer the option to use the repo UlisesGascon/micro-utilities)
- More feedback in 2 weeks
- Ulises suggested to add the new provenance system in NPM and SLSA framework
Checklist for existing and new repositories
- See #42
- Alex checking the documentation in terraform but he hasn't started the development yet.
- Let's go granular. We can start by checking that the main branch is protected.
- Minimum functionality of the repo created Alex is covered. We can include it in the next agenda.
- Include terraform POC in the next agenda
OpenSSF Scorecard implementation
- See #41
- Next step is to define a KS session to explain how the score card works, what does it analyze, how to implement it in your repositories, how to fix what the score card suggests, ... Mechanisms so others join the org and can do PRs related to improving the score card. We can even include it in the guidelines.
- We need to investigate how to call the Nuget api or Golang api to get information from projects that are not published in npm.
- We plan to move the maintainers web to opensource.one-beyond.com, this will be only a DNS record change.
- Tomorrow Ulises will present the Open Source strategy in the Company All Hands meeting.
- Next meeting will be in two weeks (15th June 2023)