Paul Sherwood: >>- maybe worth trying to get a CII badge for SPDX :) Kate Stewart: > For spdx-tools - yes, worth discussing.
I’m technical lead of the CII badge project. Yes, I’d *really* like to see that for spdx-tools, FOSSology, and other SPDX-related OSS projects. If there’s any way that we can help, please let us know!! It’s very straightforward – just have anyone on the specific project (not necessarily the lead) go to: https://bestpractices.coreinfrastructure.org/ and click on “Get Your Badge Now!”. It’s basically a web form, and we even try to fill in some of the answers for you (by looking at the data at the project site). It typically takes an hour or less to fill in the form, so it’s not a huge investment of time. Many people find that their project is doing most of it, and there’s only a few things the project isn’t doing. You can then decide if you want to do them.. but most projects agree that they’re good things, so they go do them & come back to finish the form (and get the badge). Then you can show off the badge - which provides potential users some evidence that you're actively working to create good results. You do NOT have to be perfect to get started. Just get started. > We are interacting with the CII project and have been taking input on how to hook up security information into SPDX, as well as providing input to them on best practices for projects from a licensing perspective. ;-) I can confirm that we’ve been actively talking with the SPDX community (including Kate Stewart!) about the criteria. The current “passing” criteria already specifically require license statement as a SPDX license expression, and we’ve already received some great ideas for higher-level badge criteria. We’re certainly not strangers; on my own time I wrote a tutorial on SPDX, and obviously I’m on this mailing list. Of course, we’d love to have even more feedback. We’d love to have suggestions on our draft higher-level criteria: https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/other.md If you have ideas, please create an issue: https://github.com/linuxfoundation/cii-best-practices-badge/issues --- David A. Wheeler _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
