Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118867
Return-Path: <danack@basereality.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78533 invoked from network); 21 Oct 2022 15:32:45 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 21 Oct 2022 15:32:45 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 74534180044
	for <internals@lists.php.net>; Fri, 21 Oct 2022 08:32:44 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <danack@basereality.com>
Received: from mail-vs1-f49.google.com (mail-vs1-f49.google.com [209.85.217.49])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 21 Oct 2022 08:32:43 -0700 (PDT)
Received: by mail-vs1-f49.google.com with SMTP id h4so1614962vsr.11
        for <internals@lists.php.net>; Fri, 21 Oct 2022 08:32:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=basereality-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=ID/Q8aC4AAWiV4gesKgDDNmczgtQevgs9tAeK3I1XVU=;
        b=mf/0rfP6d7JnblKavWSN/FYQUDP8xMG4nOHDwYHhV1ruVpG6NxFWy3SQbcAWOhYcJh
         RHNieU8TsGJV4IUA9jXCcgGAegYg06fmEJLfY8W546so213/q8S6qUd/DRs/H9XADavm
         90Od/gnAVsdBByJH0L5MerPX6xix3jQN90BM63ctVoKtmy2jJqFCHtbmw5kOkmjZoLkY
         9dWyueZxiQR0bmJCXrtTlDd3lEgbVuPpgGPNLnrfg5P/OTuw4pvN+uQ/gEiznroDIq/8
         npFuAd7seAP+6KbGLf1BkPsF3N4gLQC3dWbIbaGPKRCNsHRKRng/d4obbpzn46MS24em
         jl2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ID/Q8aC4AAWiV4gesKgDDNmczgtQevgs9tAeK3I1XVU=;
        b=F/A5zdzXxr6FF8y1ZX3fzXODmnyMQbboUsSoBCvp25ZqEQ8gRMjE0yCZCnvdgpcOuE
         LZgMsorcocTx1F8iJlYp5SKO+cFAYXbBG1eAH49zohtUdHUHeUGYcfYXyeo5gOhLYYbk
         pTfIti1ubt7JTDxYWUYCgsjfGiPc3B9k8bAGD845p+KJLOV3xgyZ+t1CyjrlBDQb1qtM
         zLw+6cQ5PbnTwkLIRt5YSqoKniKR/8bRizv4bfg5piEMuvcBy04MR4pM8Lj7WRpdtDRU
         kbaZ8yUxquo2MObqtoFfInUmwdDNj9TaiSHRmDcAwBpbyi4h2cJD1YE+1Ffpg2ErCF99
         5TZg==
X-Gm-Message-State: ACrzQf23f5YizFKIDlN6ClJuBqPhcyGZy/ZhJS5ECmlBOINVVwGY8okx
	Uc8kzDoOrvEnatkgb3Y/a9MK9hDv/8rqECWVXCoMQg==
X-Google-Smtp-Source: AMsMyM7FA7Oj03TQXTQ4/++vu9nL2kgNJCXgaqo/k29frjLuY/V/GRy+j8FPpuy0we7sVwnkcsvMJS0GbS8+DIm5P+A=
X-Received: by 2002:a67:e418:0:b0:3aa:a07:b159 with SMTP id
 d24-20020a67e418000000b003aa0a07b159mr1400902vsf.27.1666366362930; Fri, 21
 Oct 2022 08:32:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAFWHjfpriiBX1Xg34F95zXsgwKQeh1-AwActDws5wuRL83pHhQ@mail.gmail.com>
In-Reply-To: <CAFWHjfpriiBX1Xg34F95zXsgwKQeh1-AwActDws5wuRL83pHhQ@mail.gmail.com>
Date: Fri, 21 Oct 2022 17:32:32 +0200
Message-ID: <CA+kxMuRMpUupsip786piCa+_t1EmitHAw6HQ=fet4RTMgTxm1g@mail.gmail.com>
To: Pedro Nacht <pnacht@google.com>
Cc: internals@lists.php.net
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] Adding the OpenSSF Scorecards GitHub Action
From: Danack@basereality.com (Dan Ackroyd)

Hello Pedro.

On Thu, 20 Oct 2022 at 23:26, Pedro Nacht via internals
<internals@lists.php.net> wrote:
>
> I'm happy to answer any questions anyone might have

What is the morality of open source?

What is the morality of encouraging people to contribute to open source?

When people see open source projects being abused by multi-billion
dollar companies, should they stay quiet or should they ask really
annoying questions on the mailing list?

> First time contribution to the mailing-list, apologies
> for any missteps!

Apologies in advance for being difficult, but a lot of people who have
contributed to Open Source for years have quite strong feeling about
events that have occurred, and manipulation by large companies.

cheers
Dan
Ack