As an update on the issue of some fields being not entirely accurate. I am forwarding a message on behalf of @inferno-chromium, the maintainer of the https://github.com/ossf/criticality_score project that followed up on the [Github issue] I opened about this.
> Thanks for notifying us of the issue with incorrect project creation > date issue, we do plan to look into it and see feasibility of picking > the first commit date for accuracy. In case of openssl, it would have > little to no-impact on criticality score, as other factors clearly > indicate it is a super-critical project. These include things like > users dependent on openssl library, number of project contributors and > user activity in terms of issues filed, updated. [Github issue]: https://github.com/ossf/criticality_score/issues/14 On Fri, Dec 11, 2020 at 11:54 AM Nicola Tuveri <nic....@gmail.com> wrote: > > On Fri, Dec 11, 2020 at 11:23 AM Matt Caswell <m...@openssl.org> wrote: > > > > > > Actually according to the spreadsheet we are 5th (not 6th) - line 1 in > > the sheet is the title row. Linux takes 2 of the top spots, with git and > > php taking the other spots ahead of OpenSSL. > > > Good, it's good that the double review process catches my off-by-one > errors also on the mailing list ;) > > > > > > > Not sure I understand the "Releases (last yr)" column which says we did > > 41 releases - that's a number I can't reconcile with the actual number > > of releases we did. > > > > https://github.com/ossf/criticality_score/blob/59e449d5598de4f27a83070297e5779a4a3407b2/criticality_score/run.py#L96-L114 > > It seems to be an estimate based on the number of tags, as we don't do > github releases: > > ``` > RELEASE_LOOKBACK_DAYS=365 > (total_tags / days_since_creation) * RELEASE_LOOKBACK_DAYS > ``` > > This is definitely skewed by considering the project 95 months old > (2887 days) instead of ~264 months (8026 days). > > > Nicola
