<html> <head></head> <body> <p>Hi,<br><br>
I am a PhD student from NC State University researching software supply
chain security, specifically the secure use of third-party open
source packages. As part of our research, we have
developed an update audit tool, <a
href="https://github.com/nasifimtiazohi/depdive";>Depdive</a>, that
can analyze if the changes in a package update have passed through a code
review process. As part of an empirical evaluation, we studied the
update from version <b>17.5.0</b> to version <b>18.0.0</b> of your
package <a
href="https://github.com/pyca/pyopenssl";><i>pyopenssl</i></a>.<br><br>
As per our analysis, the update consists of 9 new commits. We determined that
all of the commits were reviewed by a second developer. Details for
each commit and the reasoning on how we determined if a commit was
reviewed are provided in the attached CSV file.<br><br> We are
reaching out to you as the maintainer(s) of <i>pyopenssl</i>, to
evaluate if you agree with our analysis. We invite you to fill out
<a href="https://forms.gle/LBwTcNs2tgHdHVwBA";>this short
<mark>survey</mark></a> to provide your opinion. The
survey should take five minutes at the maximum. Please also fill out
the <mark>unique ID 15678</mark> for the update discussed in this
email to help us track responses.<br><br> We thank you for
maintaining a great open source package. We would be grateful if you
help our research on how downstream users can use third-party
packages, like yours, securely in their supply chain.
Don't hesitate to contact me if you have any questions regarding this survey
or our research in general. More details on our study can be
found in our <a href="https://arxiv.org/pdf/2206.09422.pdf";>current
paper draft</a>.<br><br> Nasif Imtiaz<br> PhD Student<br>
NC State University<br> nasifimtiazohi.github.io</p>
</body> </html> Package,Commit,URL,IsCodeReviewed?,Code Review Method
pyopenssl,02261ad7a51f8cad31c548a67f8406a1ef5ff052,https://github.com/pyca/pyopenssl/commit/02261ad7a51f8cad31c548a67f8406a1ef5ff052,y,Reviewed on GitHub
pyopenssl,15c293505749cb8d2e65a1034e4ff03d26db3cf5,https://github.com/pyca/pyopenssl/commit/15c293505749cb8d2e65a1034e4ff03d26db3cf5,y,Reviewed on GitHub
pyopenssl,1ae7cb68cd285fe822c84d8e3198aff9716cf4e8,https://github.com/pyca/pyopenssl/commit/1ae7cb68cd285fe822c84d8e3198aff9716cf4e8,y,Reviewed on GitHub
pyopenssl,3d231f03ed24f760d1896f5e2be3adf1cbf13127,https://github.com/pyca/pyopenssl/commit/3d231f03ed24f760d1896f5e2be3adf1cbf13127,y,Reviewed on GitHub
pyopenssl,460a19d45425218c34dcb7d6fde478f80a987fea,https://github.com/pyca/pyopenssl/commit/460a19d45425218c34dcb7d6fde478f80a987fea,y,Reviewed on GitHub
pyopenssl,74de8a137d435d45c100b74cc971be556166a559,https://github.com/pyca/pyopenssl/commit/74de8a137d435d45c100b74cc971be556166a559,y,Reviewed on GitHub
pyopenssl,993c4e4afc4274019bdb835b64191afeed6c13b7,https://github.com/pyca/pyopenssl/commit/993c4e4afc4274019bdb835b64191afeed6c13b7,y,Reviewed on GitHub
pyopenssl,d072cae3a4e0d41602ffd0730a838fa12657ed4a,https://github.com/pyca/pyopenssl/commit/d072cae3a4e0d41602ffd0730a838fa12657ed4a,y,Reviewed on GitHub
pyopenssl,e7f334583541e1de98614e76a65b7d04e7be4979,https://github.com/pyca/pyopenssl/commit/e7f334583541e1de98614e76a65b7d04e7be4979,y,Reviewed on GitHub
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
