Philippe Ombredanne

@sbarnea @JulianWasTaken @codewithanthony @pajlada ^

@sbarnea @JulianWasTaken @codewithanthony pajlada github.com/pajlada/github…

Can someone recommend bulk github repository configuration and audit tool? If I fail to find a decent one I consider writing one based on pytest, as I can add checks as tests and parametrize them, making very easy to extend and maintain it later.

@Sh1bumi @stevespringett @lorenc_dan @Sh1bumi Hey! ... that's awesome. Let me review the PR and discuss there @stevespringett thanks for the ping! @ashcrow ^

@stevespringett @lorenc_dan The Go implementation seems to be very outdated. Do you mind adding me to the package url organisation or contacting the current maintainer? There are a few open issues and PRs ..

Do I have someone related to Package URL in my timeline? During the last couple of hours I have worked on a PR for the Package URL Go implementation. Can we get this merged? The repository misses an active maintainer

Hola Everyone!!! @gdscheritageit had an amazing session "Guild to GSoC and Opensource" by @MrHritik. If you are interested about @gsoc and #OpenSource make sure to Check it Out!!!😇 Special Thanks to @pombr and @rachejazz . Event - bit.ly/GDSCOpen #GrowWithGDSCHIT #GSOC

@OpenSourcePilot on looking first for #FOSS license evidence matters most opensource.com/article/21/7/o… (with a decent #FOSS tool ;) )

Switzerland plans to anchor public services’ contribution to open source in law joinup.ec.europa.eu/collection/ope… | OSOR

@gpooc @dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang gpooc See github.com/maxhbr/License… and lsc.maxhbr.de that ran some benchmark on license detection that included Ninka for evidence .. this in particular lsc.maxhbr.de/spdx-testfiles…

@pombr @dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang Do you have any evidence to back up "mostly out of date"? It is not like there are new licenses every day.

Comparing efficiency and correctness of license crawlers @scancode @fossology @osrgroup

@gpooc @dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang I have some evidence, but there have been no license updates in Ninka for about 4 years. I discover or get report of new FOSS or proprietary license notices or new licenses at least once a week or more on average. 4 years is like a century is this domain.

@gpooc @dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang There are (possibly unfortunately) new licenses often enough and even more so many new way to state existing licenses that pop up that Ninka is mostly out of date for any practical use today.

@stevespringett that's awesome! ... Tell me how I can help 😍

@gpooc @dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang Ninka is not maintained and mostly out of date

@dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang it might worth to consider Ninka ninka.turingmachine.org to identify licenses in the source code (even though it is in the references, the tool does not seem to be used)

@dirkriehle @scancode @fossology @osrgroup @anulman @bitandbang As a maintainer for scancode this is a fascinating read! I may not agree on some of the conclusions, in particular random sampling, but what is missing is reproducibility. Which tools versions and scanned code version? Where are the scripts to redo this?

@scancode @fossology @osrgroup The final thesis is here osr.cs.fau.de/2019/08/07/fin… and a paper is in the works based on extended data @anulman @bitandbang

#ScanCode and #AboutCode FOSS projects are a #GSoC mentoring org for the @gsoc 2019 ... Students can sign up until April 9th with their proposals #6118953540124672" target="_blank" rel="nofollow noopener">summerofcode.withgoogle.com/organizations/… 😎Help us scan #code better for origin, #license, #packages and deps and more!

When it comes to licence identification, @pombr 's Scancode accuracy is hard to beat. Thanks for enterprise.dejacode.com/licenses/publi… #Compliance

See also youtube.com/watch?v=Pc1Hof… for the talk video. I had the privilege to chat with @edward_j_kearns and this was great: from satellites to nuclear power plant cooling to solar system climate to submarine drones to the everglades and more: #fascinating person, mission and job! twitter.com/jeffborek/stat…

@lsaiz BTW, there are now #packageurl (aka. purl github.com/package-url ) #FLOSS implementations that have been contributed in #golang @golang, #java and #python .... Help wanted for #javascript #ruby and others. 😇

@pombr Yes!! We were working around “internal CPEs”

that's great. I wished CPE would do it, but there is somewhat of a gap between CPEs and the actual reality of packages as used today IMHO... I tried to capture this in this FAQ entry #can-i-use-a-cpe-instead-of-a-purl" target="_blank" rel="nofollow noopener">github.com/package-url/pu… github.com/package-url twitter.com/stevespringett…

@lsaiz I still think CPEs are essential, and #packageurl (aka. purl github.com/package-url ) are a way to bridge the gap between software packages as we know of it and use and officially tracked vulnerable packages in the national vulnerability database #NVD and at @MITREcorp

I modestly help there! We are embarking on an idealistic open #FLOSS data journey to help each and every #FLOSS project provide #OpenSource license clarity and more. Join us if you care about this @OpenSourceOrg github.com/clearlydefined/ twitter.com/clearlydefd/st…

Interesting approach to provide a universal reference mechanism for packages by @pombr at #lfosls

“If your software does not have easily detected license information, it is a bug” @pombr #lfosls