On 20 Dec 2024, at 15:18, Brian Fox via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> There's clearly work to be done to tighten the understanding. The flow chart shared earlier doesn't quite map to what I had understood. It seemed like the Steward category was created to generally cover more of the umbrella organizations that assist/sponsor/host many oss projects. Things like Eclipse, LF, ASF, GitHub and also things like Maven Central, PyPI etc.
I can also see it fit very easily to small, single project open source - i.e. where there is not really an umbrella - but simply a group of diligent people which are sufficiently diverse to do normal, 4 eye, peer reviewed release engineering and with enough organisational capability/collective discipline to do triage based bug/vulnerability follow up. Of which there are actually quite a lot.
In a way - I am way more worried about existing umbrella organisations that try to solve this not by having the community embrace good release engineering - but instead start paying non-volunteers to introduce processes & then end up having to pay ‘leaders’ to enforce/keep-save projects by pushing for paperwork. And then end up having to focus on ‘getting money’ - as opposed to being a good house for their community.
And then you get into the same problem you so often see at companies - a paper dragon that probably does nothing but provide rope to the regulator/insurance to hang you - while getting in the way of the engineers*.
So am hoping we can collectively avoid that. And focus on industry good release engineering - and making that equivalent to ‘this is how you do the CRA’.
Dw
*:
https://www.youtube.com/watch?v=vJV7TUF9Gxw — Mike Wazowski, you didn't file your paperwork last night. Again.