__**[[chaoss:metrics|<< Back to CHAOSS Metrics Committee]]**__ ====== Meeting Minutes 2017-09-05 ====== Start: 1pm; End: 1:32pm (U.S. Central Time) ===== CHAOSS OS Summit North America Agenda ===== * We have three events (Wiki will have most up-to-date information) * **Monday, September 11 • 11:00am - 11:40am** "Open Development Analytics: A Step Forward in Project Transparency" http://sched.co/Bsb2 * Joint talk for the CHAOSS Committees * Jesus and Matt coordinate speakers * Other speakers might have one slide to present their work in 2 minutes * **Monday, September 11 • 5:40pm - 6:20pm** "BoF: Community Health Analytics for Open Source" http:%%//%%sched.co/BCsP * Short 40 minute Bird of a Feather * Focus is on community building and probably less on refining metrics * Matt will share slides on mailing list * **Tuesday, September 12 • 2:00pm - 4:00pm** "Breakout room to continue the work from the BoF" in room Diamond ballroom Salon 2 (~30 people) * Goal: Refine the "Growth - Maturity - Decline" metric * Currently not on schedule, but we will request to have it added * Can we record any of the sessions - maybe live stream? * We will ask everyone at the beginning of the session and then use personal devices to record/stream the session for those who cannot be present ===== Core Infrastructure Initiative (CII) Interest in Metrics ===== * How can we connect the work of the CHAOSS Metrics Committee with CII? * Background information on CII Schedule: badging work took longer, so the census 2.0 is delayed * Census 2.0 asks: What is important and which projects are we interested in from a security perspective * CII Census is focusing on dependency analysis (beyond counting downloads) * Important questions * "What project is important?" - within larger ecosystem (= planet earth) * There are different ecosystems between software languages * "Which projects are critical from a security standpoint?" * Dependencies analysis data: * What ever data is available from package managers * Teaming up with libraries.io * GHdata will share insights into using libraries.io data on the mailing list * Goal of CII: Quantified and justifiable answers * Risk analysis? * Risk from a security perspective * More focus on unintentional risk * Avoid similar events to Heartbleed * CVE's are interesting but the quantitative number is not interesting in itself * Generating proper CPE's is a challenge - NIST wants to move away but the tooling is dependent on CPE right now ===== Infrastructure of CHAOSS Project ===== * We have three spaces for the CHAOSS Project - Website - (not yet online) - Wiki - https://wiki.linuxfoundation.org/chaoss * We will move the CHAOSS Metrics Committee wiki over to the new namespace - GitHub Reposiory - https://github.com/chaoss * Reference implementations will have a repository here * The metrics will have a repository, especially for versioning of SQL queries and other specifications * We will move content from the wiki to GitHub to declutter the wiki * Our repository will likely be a collection of markdown files * The founding of the CHAOSS Project will be announced in a blog post soon. Anyone who wants to be listed as a founding member should contact Kate or Ray to be included on the blog post ===== Attendance ===== (alphabetical order) * Alex Courouble - Université de Montréal * Andy Leak - Independent software developer * Brian Proffit - Red Hat * David Wheeler - Core Infrastructure Initiative * Georg Link - University of Nebraska at Omaha * Kate Stewart - Linux Foundation * Kevin Lumbard - University of Nebraska at Omaha * Matt Germonprez - University of Nebraska at Omaha * Ray Paik - Linux Foundation, OPNFV * Sean Goggins - University of Missouri * Tom Mens - University of Mons * Zvi B. - Independent software developer