Re: [open-regulatory-compliance] Open Source Steward: Role description

On 2024-06-12 19:58:07 +0200 (+0200), Dirk-Willem van Gulik via open-regulatory-compliance wrote:
> On 12 Jun 2024, at 16:41, Moser Sarah RDL DISDS3 via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> 
> > Maybe I am a bit too deeply focused on details, but are there any
> > initiatives to agree on and define the role of an Open Source
> > Steward? It would definitely help the industry to find the right
> > people or to develop them.
> 
> That would be most useful - and get to the core of the matter:
> vulnerability handling and risk-based triage; CVEs and
> solid/stable identifiers for CPEs; dealing with EOLs; dealing
> with retired packages and reports against these; dealing with
> things like version numbers & what happens when you need to burn a
> release/never release it, and so on.
[...]

Keep in mind that some foundations who assume they fall under the
open source steward definition serve in a supporting role to
volunteer communities, and it's the general collaborators in those
communities who engage in and define policy and process for the
activities you've listed. While expecting stewards to provide some
guidance to their communities on the applicability of emerging
standards seems reasonable, I'd hate for an outcome of this to be a
mandate for foundations taking over those tasks and wresting them
from the hands of community contributors.
-- 
Jeremy Stanley
