User Tools

Site Tools


This is an old revision of the document!

Meeting Minutes 2017-09-05

Start: 1pm; End: 1:32pm (U.S. Central Time)

CHAOSS OS Summit North America Agenda

  • We have three events (Wiki will have most up-to-date information)
  • Monday, September 11 • 11:00am - 11:40am “Open Development Analytics: A Step Forward in Project Transparency”
    • Joint talk for the CHAOSS Committees
    • Jesus and Matt coordinate speakers
    • Other speakers might have one slide to present their work in 2 minutes
  • Monday, September 11 • 5:40pm - 6:20pm “BoF: Community Health Analytics for Open Source”
    • Short 40 minute Bird of a Feather
    • Focus is on community building and probably less on refining metrics
    • Matt will share slides on mailing list
  • Tuesday, September 12 • 2:00pm - 4:00pm “Breakout room to continue the work from the BoF” in room Diamond ballroom Salon 2 (~30 people)
    • Goal: Refine the “Growth - Maturity - Decline” metric
    • Currently not on schedule, but we will request to have it added
  • Can we record any of the sessions - maybe live stream?
    • We will ask everyone at the beginning of the session and then use personal devices to record/stream the session for those who cannot be present

Core Infrastructure Initiative (CII) Interest in Metrics

  • How can we connect the work of the CHAOSS Metrics Committee with CII?
  • Background information on CII Schedule: badging work took longer, so the census 2.0 is delayed
    • Census 2.0 asks: What is important and which projects are we interested in from a security perspective
    • CII Census is focusing on dependency analysis (beyond counting downloads)
  • Important questions
    • “What project is important?” - within larger ecosystem (= planet earth)
      • There are different ecosystems between software languages
    • “Which projects are critical from a security standpoint?”
  • Dependencies analysis data:
    • What ever data is available from package managers
    • Teaming up with
      • GHdata will share insights into using data on the mailing list
  • Goal of CII: Quantified and justifiable answers
  • Risk analysis?
    • Risk from a security perspective
    • More focus on unintentional risk
    • Avoid similar events to Heartbleed
    • CVE's are interesting but the quantitative number is not interesting in itself
    • Generating proper CPE's is a challenge - NIST wants to move away but the tooling is dependent on CPE right now

Infrastructure of CHAOSS Project

  • We have three spaces for the CHAOSS Project
    1. Website - (not yet online)
    2. Wiki -
      • We will move the CHAOSS Metrics Committee wiki over to the new namespace
    3. GitHub Reposiory -
      • Reference implementations will have a repository here
      • The metrics will have a repository, especially for versioning of SQL queries and other specifications
      • We will move content from the wiki to GitHub to declutter the wiki
      • Our repository will likely be a collection of markdown files
  • The founding of the CHAOSS Project will be announced in a blog post soon. Anyone who wants to be listed as a founding member should contact Kate or Ray to be included on the blog post


(alphabetical order)

  • Alex Courouble - Université de Montréal
  • Andy Leak - Independent software developer
  • Brian Proffit - Red Hat
  • David Wheeler - Core Infrastructure Initiative
  • Georg Link - University of Nebraska at Omaha
  • Kate Stewart - Linux Foundation
  • Kevin Lumbard - University of Nebraska at Omaha
  • Matt Germonprez - University of Nebraska at Omaha
  • Ray Paik - Linux Foundation, OPNFV
  • Sean Goggins - University of Missouri
  • Tom Mens - University of Mons
  • Zvi B. - Independent software developer
oss-health-metrics/minutes/2017-09-05-meeting.1504649527.txt.gz · Last modified: 2017/09/05 22:12 by GeorgLink