Re: [open-regulatory-compliance] Maintainer considering removing project due to CRA obligations and uncertainty
On 20 Dec 2024, at 15:18, Brian Fox via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
> There's clearly work to be done to tighten the understanding. The flow chart shared earlier doesn't quite map to what I had understood. It seemed like the Steward category was created to generally cover more of the umbrella organizations that assist/sponsor/host many oss projects. Things like Eclipse, LF, ASF, Github and also things like Maven Central, Pypi etc.
I can also see it fit very easily to small, single-project open source - i.e. where there is not really an umbrella - but simply a group of diligent people who are sufficiently diverse to do normal, four-eye, peer-reviewed release engineering and with enough organisational capability/collective discipline to do triage-based bug/vulnerability follow-up. Of which there are actually quite a lot.
In a way - I am way more worried about existing umbrella organisations that try to solve this not by having the community embrace good release engineering - but instead start paying non-volunteers to introduce processes & then end up having to pay ‘leaders’ to enforce/keep-save projects by pushing for paperwork. And then end up having to focus on ‘getting money’ - as opposed to being a good house for their community.
And then you get into the same problem you so often see at companies - a paper dragon that probably does nothing but provide rope to the regulator/insurance to hang you - while getting in the way of the engineers*.
So I am hoping we can collectively avoid that. And focus on industry-good release engineering - and making that equivalent to ‘this is how you do the CRA’.
Dw
*: https://www.youtube.com/watch?v=vJV7TUF9Gxw - Mike Wazowski, you didn't file your paperwork last night. Again.