►
From YouTube: CHAOSS.Risk.December.2.2019
Description
CHAOSS.Risk.December.2.2019
A
So
maybe
the
first
thing
is
in
our
last
meeting
we
talked
about
the
differences
between
different
kinds
of
licenses
and
how
to
address
no
assertion
licenses
and
then
Mets
and
I
do
not
believe.
We've
had
a
meeting
since
this
happened.
I
think
we
had
a
meeting
on
some
other
topic
where
this
came
up
but
I,
don't
think
we've
had
this
discussion
in
this
meeting,
so
I'm
gonna
share
my
screen.
Hopefully
the
correct
one
looks
like
I
did
so
this
is
the
risk
page
ignore
the
best
practice
is
not
showing
up.
A
That's
because
we
made
a
change
that
hasn't
propagated
to
the
census
data
yet,
but
the
thing
that
you'll
notice
is
that
the
license
is
too
clear
now
includes
the
links
to
the
SPD
X
defined
license
and
all
non
SPX
licenses
are
now
defined
as
no
assertion,
and
if
you
I
don't
know,
if
Matt,
that's
nothing,
you
tell
me
if
it
is
implemented
or
not
to
click
on
the
link
to
see
the
files.
If
the
link
is
there,
it
should
be
okay.
B
A
A
B
A
A
C
D
E
C
D
B
This
this
is
just
a
name
discrepancy
that
I
have
fixed
it
just
hasn't
been.
This
hasn't
been
updated
for
this
roof
for
this
instance
yet,
but
it
does
say,
GPL
files,
cuz,
that's
the
first
time
it
general
GPL
is
the
first
thing
that
it
catches
and
it
names
it,
but
I
just
put
into
no
assertion
files
in
the
latest
version.
B
B
D
D
B
D
B
A
little
while
to
load
just
because
it's
not
my
local
machine
and
it's
pulling
from
a
very
far
away
database,
but
let's
say
we
have
OSI
approved,
not
OSI
approved.
So
these
are
the
licenses.
You
can
find
that
how
they're
not
OSI,
approved
and
I
think
one
of
them
was
under
no
assertion,
so
it
didn't
show
up
in
the
file.
B
A
A
A
Alright,
so
that
was
one
important
thing:
I
was
working
really
the
metric
badge
status
also
been
updated
to
be
a
bit
more
robust
and
I.
Think
that
that's
one
of
the
ones-
and
this
is
maybe
where
the
next
item
on
the
agenda
is
which
metric
to
possibly
work.
At
last
time,
we
worked
on
the
CI
best-practices
badge.
D
A
A
So
this
document
is
a
elevated
prisoners
are
best
practices
badge
where
we
essentially
took
the
the
text,
the
markdown
out
of
a
template
and
started
filling
that
in
and
talking
about
it
last
week
and
got
a
little
bit
of
clarity.
I
think
around
look
at
what
the
goal
is,
and
maybe
the
thing
to
check
with
this
group
is
how
how
we
did
with
getting
the
language
writer
around
compliance
with
open
source
project,
best
practices
and
noting
that
we
take
the
part
out.
At
some
point.
D
D
G
So
just
to
sum
up
so
George
knows
all
of
this,
so
I
was
talking.
They
will
take
them
Jessica
and
Mike
about
sustainability
studies,
so
I'm,
but
I
was
talking
explicitly
about
some
work,
that
I've
done
very
my
PhD
on
community
strategies
on
how
companies
decides
decide
which
communities
that
they
should
investment,
yeah,
selecting
the
communities
that
are
of
importance
based
on
their
business
goals.
G
So
looking
at
business
aspects,
also
technical
aspects,
saying
if,
if
the
community
or
the
project,
is
of
importance
from
the
business
from
aligned
with
the
business
goals
and
are
also
looking
at,
is
there
a
possibility
to
gain
influence
on
the
development
from
different
community
perspectives?
And
then
it's
important?
Yes,
is
it
possible
to
gain
influence?
G
Yes,
then,
based
on
the
interviews,
we
suggest
a
number
of
practices
that
can
be
applied
before
the
organ
organizations
or
in
to
gain
just
this
implants,
but
so
what
we
saw
in
in
all
of
the
interview
so
interviewed
about
twenty
open-source
program
offices
and
community
managers.
What
we
saw
was
that
that
was
highlighted,
that
you
should
not
only
consider
the
needs
for
influence
on
the
the
project,
but
also
the
need
for
sustaining
or
improving
the
health
of
the
community.
H
G
Also,
investing
in
that,
and
so
that
kind
of
sparked
my
my
head
to
also
dive
into
the
sustainability
aspects,
and
that's
where
me
and
yeeaargh
are
looking
at
the
paper
we
or
we're
in
the
beginning
of
some
some
research
research
on
the
topic.
Looking
from
the
maintaining
perspective,
I,
don't
know
how
have
you
talked
to
everything
about
that?
You
know.
I
G
G
That
also
looks
at
contributions,
relief,
what
kind
of
business
aspects
or
benefits
that
a
company
looks
at
when
when
the
contributing,
but
also
risks,
costs
and
complexities,
the
other
side
which
maybe
could
motivate
why
doing
and
contributes
I
think
both
papers
could
be
of
value
to
the
risk
perspective.
They
may
be
also
the
value
group
in
came
outside
I,
don't
know,
like
I,
said,
I
prior
to
join
into
these
talks,
but
due
to
time
some
differences
and
other
aspects,
it's
kind
of
hot
you
to
join
in.
I
D
D
That's
I
think
what
David
said
did
when
he
was
initially
setting
up
those
metrics
and
that's
why
I
think
it'd
be
interesting
to
understand.
You
know
a
mapping
of
the
factories.
You
are
there
any
factors
missing
in
the
risk
in
the
CI
best
practices
that
have
been
identified
from
the
Hans
papers
perspective
and
you
know,
should
we
be
trying
to
work
with
that
community
to
increase?
They
won't
change
to
change
some
things
to
includes
other
things,
exactly
publish.
D
You
know
the
other
thing
is
Zephyr
project.
Yes,
a
project
started
in
2016,
and
that
was
the
one
that
Matt
was
just
showing.
This
project
was
started
by
one
company
initially
two
and
take
it
to
being
a
foundation.
Then
I
I've
been
with
it
pretty
much
since
and
started
using
it
as
a
way
of
trying
to
get
the
best
this
and
get
it
to
become
a
sustainable
project.
A
D
Very
conscious
efforts
to
steer
it
towards
diversity
of
contributors,
reduce
about
factors
things
like
that
and
we
to
large
extent
we've
succeeded
in
a
lot
of
things
at
this
point
now,
if
you
actually
go
and
look
on
the
contributors
on
github
saying
look
edit
almost
appear,
it
now
has
the
most
contributors,
all
of
it
all
the
period
ready
to
change
going
into
that
repose.
Now
about
1
1
change
an
hour.
D
There
have
been
around
that
Lane
that
wait
for
last
year,
I'm
slightly
increasing
we've
gained
more
contributors
coming
in
so
some
of
the
things
we've
been
doing
seem
to
be
effective
and
successful,
and
you
know
I'm,
obviously
looking
for
more
good
things
to
do
for
that
project.
So
it's
my
sandbox
to
prove
things
out
in
my
mind,
sounds.
D
Oops,
so
these
are
the
competitive
ecosystem
right
now
and
I
did
looked
at
the
total
number
of
commits
over
last
year
and
there
was
more
than
10,000
when
I
measured
this
in
October
at
the
same
period.
The
next
closest
was
power
over
4,000
and
bits
about
7
to
8,000.
I've
actually
got
the
stats
down
here:
72,000,
sorry,
Wow,
okay,
so
Zephyrs
got
a
fair
amount
of
momentum
in
terms
of
the
commits
that
are
happening
and
the.
A
D
D
Gregory
not
but
I,
think
they're
moving
underneath
Apache
foundation
there
as
an
incubator,
potentially
right
now
so
Apache,
the
Macchi
foundation
already
has
on
minut
in
there
as
well
so
yeah.
They
may
add
a
second
our
toss,
we'll
see.
The
licensing
is
quite
interesting
in
this
one
in
the
next
one,
but
when
I
think
move
over
onto
github
as
well.
However,
just
to
give
you
the
context
every
month,
I
pretty
much
go
into
github
and
look
at
the
insights
page
and
pull
the
numbers
down.
D
A
A
D
D
E
A
A
D
D
So
it's
a
question
of
okay:
where
are
the
next
things
to
tackle
I
say
the
CI
badge
turned
out
to
be
a
very
good
checklist
for
the
project
and
helped
establish
the
security
team,
a
bunch
of
other
things
that
I
think
are
good
practices,
and
so
that's
why
the
badging
isn't
rush
board
that
you
were
showing
mmm-hmm
when
you've
got
the
CI
a--
badging
you're
just
listing
this
desk,
but
I'm
wondering
do
you
want
to
put
the
next
level
of
breakdown
there?
That's.
A
A
Yeah
and
without
just
gonna
call
I
did
I.
There
was
a
separate
thread
related
to
just
showing
we
did
a
little
unsigned
of
some
of
our
data,
and
the
latest
elusive
augur
at
the
last
couple
days
so
that
she
has
we'd
been
doing
a
60-day
rolling
average,
which
was,
as
things
crossed
yearly
boundaries.
Making
them
look
wrong
for
our
group
that
she
has
looking
at
things
very
precisely.
Okay,.
D
A
D
A
D
C
J
C
A
A
A
A
A
C
C
A
B
D
So
like
the
non
is
I
want
to
separate,
for
instance,
there's
actually
a
goals
and
we
are
actually
trying
to
actually
get
to
be
hundred
percent,
though,
if
I
approved,
so
okay,
we're
measuring
it
and
I
can
point
to.
The
three
files
would
be
very
useful
to
me
right
now,
because
I
can
go
and
send
them
in
front
of
people.
So.
D
D
D
Now,
rather
than
saying
on
open-source
licenses,
what
can
I
suggest
something
here?
You.
B
D
D
I
I
D
B
D
C
D
D
I
A
G
C
B
G
C
B
D
I
B
B
D
A
C
A
C
A
D
A
I
Might
be
have
changed
times
of
working
groups
in
the
past,
like
kids,
that
we
send
out
the
doodle
asking
hey
who
is
interested
in
this
weird?
A
group
here
would
consider
and
changing
the
time
of
the
working
group
for
it,
and
then
we
collect
the
feedback
and
decide
afterwards,
which
time
we
want
to
take
yeah.