►
From YouTube: CHAOSS Risk Working Group 2/10/22
Description
Links to minutes from this meeting are on https://chaoss.community/participate.
A
A
When
we
last
met,
we
were
working
on
a
new
metric
called
defect
resolution
and
by
the
way,
sophia
sends
her
apologies
she's
driving
today,
and
that
was
that
was
kind
of
where
we
ended
up
and
kind
of
putting
off
metrics
reviews
until
we
other
than
the
one
that
benad
was
going
to
help
us
change
the
name
of
so
defect
resolution
time
was
the
one
we
were
working
on.
A
A
All
right
so
we'll
just
dive
right
in
to
issue
resolution
time.
I
know
we
had
a
good
deal
of
okay.
I
understand
google's
new
security
settings
changes.
I
have
to
make
this
a
little
wider
and
I
don't
know
why
that's
there
all
right
is
that
visible
for
everybody
easily
on
your
screen.
A
Okay,
so
I
suggest
we
just
read
through
it
because
and
and
see
where
our
our
questions
are.
Maybe
just
spend
a
little
time
editing.
It.
A
A
D
D
C
C
All
right,
no,
this
is
the
this
is
very
much
the
dancing
on
the
head
of
what
kind.
Let's
talk
about
different
kinds
of
infinities
kinds
of
stuff,
and
do
we
accept
the
axiom
of
choice
today,
all
right
so
anyway,
getting
back
to
the
the
main
point,
though,.
C
E
C
A
C
B
Now,
right
now
it
just
says
accepts
and
then
you
know
when
it
emerges
and
and
they
could
be
missing.
C
F
C
So
I
would
say
when
the
issue,
if
it's
on
github,
for
example,
when
someone
pushes
the
button
that
sends
the
issue
to
the
project,
the
start
because
whining
about
it
within
the
user
community
doesn't
count,
it's
gotta
actually
have
been
set,
because
otherwise
I
mean
people
whine
everywhere.
It's
gotta
actually
have
been
sent
to
the
supplier.
Who
can
do
something
about
it?.
C
E
C
Report
of
a
defect
to
the
project
using
the
project's
defect,
reporting
mechanism-
where's
the
url
here,
just
a
second-
I
see
it.
A
Well,
so
I
think
the
fact
that
the
project
never
gets
resolved
as
a
failed
case,
and
I
think
it's
up
to
the
group
music
to
determine
the
impact
of
that
failed.
Maybe
failed
is
too
valence
to
word.
Maybe
it's
an
alternate
end
case.
C
Now
we've
got
a
oh
sorry
go
ahead.
C
C
Okay,
so
all
right,
so
I
want
to
add
that
to
a
note
near
after
some
of
these
other
notes,
note.
C
E
B
B
Well,
so
the
question
here
is
you're
you're.
Presupposing
that
there's
going
to
be
a
fix-
and
this
is
a
resolution-
it's
not
expect
fixed
time.
It's
a
defect,
resolution
time.
So
a
a
valid
resolution,
in
my
mind
from
that
is
it
could
be.
We
could
be
rejecting
and
choosing
not
to
address
it
as
a
project.
B
A
B
A
So
it's
a
defect
from
the
perspective
of
the
reporter,
but
the
the
decision
like
if
a
decision
not
to
address
it,
causes
no
harm,
then
it's
reason
it
seems
reasonable.
I
think
I
don't
know
if
we
need
to
delineate
or
want
to
go
down
the
rabbit
hole
of
trying
to
delineate
between
not
resolving
software
vulnerability.
Defects,
probably
not
lots.
B
C
C
Should
we
have
a
note
about
the
the
issue
that
you
know
if
you
never,
if
a
project
just
rejects
everything
this
this
metric
will
not
be.
Perhaps
what
you
were
hoping,
I
guess
a
pr
a
project.
C
F
Is
there
a
way
to
track
that
rejection,
maybe
in
the
future
factor
that
into
this
resolution
time
if
they
have
a
lot
of
rejects
and
that.
C
The
problem
of
this
practice,
the
the
problem
is,
of
course
there
are
there
are
I
I
see
this
in
some
of
the
supply
chain
stuff,
like
with
amazon,
where
people
create
garbage.
You
know
comments,
so
just
because
somebody
gives
a
comment
doesn't
make
it
mean
it's
true.
C
That's
right,
you
know,
in
addition,
malicious
commenters.
C
I
I
just
somebody
just
made
a
change
in
point
three,
and
I
do
not
understand
this
grammar.
A
A
E
C
C
C
A
C
A
F
A
C
Right,
in
addition,
malicious
reporters
can
create
yeah.
So
basically,
I
I
think
this
is
good,
because
we're
acknowledging
that
certain
bad
practices
can
happen
and
just
warning
users
of
metrics
users.
C
Right,
I
think
median
helps
with
that.
If
we
want
to
talk
about
that,
you
know
they're.
Maybe
we
should,
I
think.
C
Fair
point:
there.
A
C
Well,
maybe
we
should
talk
about
it
there,
but
I
I
think
I
I
think
the
point
he
raised
about
the
outliers
is
actually
sensible.
I
I'm
happy
to
put
it
in
there.
The
objectives.
E
E
A
C
C
A
C
A
A
So
both
the
like
just
the
whole
alternate
end
case,
section.
F
A
F
A
I
don't
know
if
that,
if
that
is
getting
at,
I
was
looking
to
try
to
put
the
text
in
a
place
where
we
had
a
place
for
it,
and
there
really
isn't
a
notes.
C
Well,
we
put
notes
at
the
top
right
underneath
underneath
the
description.
Note
one
two
three.
A
I
think
it's
fair
to
say
that
for
more
lab
and
you
could
calculate
this
with
either
gremore
lab
or
auger.
A
And
then
there
is
the
the
filter
this
this
special.
This.
B
C
A
A
A
E
C
Yeah,
but
by
the
way,
just
I
I
just
yanked
up
good
ol
sourceforge,
which
has
been
around
forever.
They
have
ticket,
they
call
them
tickets
and
bugs
are
a
different
ticket
than
support,
requests,
patches
or
feature
requests.
C
A
C
E
C
Of
words
often
doesn't
work,
because
if
nobody,
if
just
the
humans,
know
the
difference,
but
they
don't
market,
you
know
great.
We
have
to
bring
up
a
machine
learning.
You
know
you
know
a
now.
You
know
textual
analysis
tool
to
do
our
best.
Good
luck,
I
mean
I
bet
this
is
probably
not
bad
in
terms
of
I
think.
C
I'm
actually
dubious
about
that
it
just
that's
what
they
chose
to
do.
I'm
not
sure
anybody
thought
that
hard
about
it,
because
it's
not
clear
if
I'm
a
if
I'm
a
developer,
I'm
going
to
want
to
filter
out
the
bug
reports
versus
the
feature
requests
seriously.
A
Yeah
one
yeah:
this
is
okay,
so
data
collection
strategies
effectively.
E
So
sean
what
is
at
the
very
end,
I
think
that's
just.
C
E
A
I
mean
what
I
was
going
to
do
is
just
grab
one
from
gramor
lab
and
grab
one
from
auger
and
point
people
to
the
specific
places
in
each
tool
where,
where
one
can
find
this
information
awesome,
we
got
a
metric
done.
I
think
that's
great.
We
didn't
bait
the
nature,
meaning
of
the
word
defect
for
45
minutes,
so
huge
win.
C
E
And
I
have
wanted
to
discuss
david
like
we
are
changing
the
name
from
ci
badging
to
oss.
C
Funny
you
should
ask,
there's
actually
an
issue.
We
have
some
draft
logos.
E
E
Whether
we
need
to
like,
since
the
release
is
not
ready
yet
so
once
the
image
is
finalized,
I
can
then
take
the
entire
thing.
C
I
would
say
change
the
name
now.
The
logo
change
is
a
separate
step,
but
the
name
is
already
done
so
anytime.
You
use
text,
say
the
text
now
you're
right,
there's
going
to
be
a
new
logo,
you'll
be
shocked
to
know
that
people
argue
about
logos
story
at
11.
I
mean
there's,
it's
all
good,
it's
all
good,
but
frankly,
that
I
have
many
other
things
that
are
going
on
my
life
and
I'm.
So
I'm
not
rushing
on
that
one.
We.
A
C
All
right,
I
I
I
will
quickly
for
your
amusement
if
you
want,
if
you
want
there
is,
there
is
a
url
specifically
on
the
on
the
issue
of
the
logo.
If
you.