Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty

Based on a very quick skim read of the crontier repo:

1. The project is doing a little too much. It supports many styles of cron formats with some interesting regex-based lookups.
2. It currently lacks any fuzzing setup, despite its use in several critical projects.
3. Releases were made to PyPI directly from a local machine.

While a more relaxed approach might be acceptable for a small hobby project, the maturity and importance of Crontier justify more rigorous oversight and better release practices.

Best,
Prabhu

On Thu, Dec 19, 2024 at 3:49 PM Seth Michael Larson via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
Hello all, hope you are doing well.

Jarek Potiuk from Airflow shared this example with me: a case where an open source maintainer is planning to completely remove their project from PyPI due to the CRA uncertainty and obligations. I think this shows how important a factual, up-to-date, TLDR-style blog post about the current state of affairs from our group would be, especially for open source projects under foundations and those maintained by individuals.

Seth Larson