Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118882 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 36616 invoked from network); 25 Oct 2022 06:54:38 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 25 Oct 2022 06:54:38 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id B03701804BA for ; Mon, 24 Oct 2022 23:54:37 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-vs1-f43.google.com (mail-vs1-f43.google.com [209.85.217.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 24 Oct 2022 23:54:36 -0700 (PDT) Received: by mail-vs1-f43.google.com with SMTP id 1so10037790vsx.1 for ; Mon, 24 Oct 2022 23:54:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=basereality-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=U7Wim9b2dVVK4fe2l5S95I8XmkRq+o3btziH6IJp4i4=; b=ZYeUx0BvmFgtqwdrXFFYV856DLlON/sxyK3Dnjyz7I5yUgJuf0qK5SmNbTWd2gFeu8 Ye4zAM2LK1MzEi88MtYeyGXfULOje97MSHQQ9mFitIR5FOOq13dfb/bmXRyk2txCU7aF JGzKf1afSkIloMBPSjwK5kagSTnUvQ9UimTABFW50SE36mfiRejly4MuzBLP7D+zgrsM hpk6ddLu2SCRFlrob/niyIsX5eWRrfOWI9IFSflW+FLYsUT8+6dL5kKIvYE7NwakT5JT QC/Ls1kZo9TexW/oxrgglfDbRmB2nrYwBL9CSb+YYXyh9ssOwWiUts/qxiO2bb37iWpp OMJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=U7Wim9b2dVVK4fe2l5S95I8XmkRq+o3btziH6IJp4i4=; b=PVxJasaWCmXJf3Sp85l+hXdRSbHym6C6abkjZv4hAIfUYALZh7AlLuyCFt3y/dWr5L CCgRNbQ7oLr+LUNgBqG7Nb9zV3FRqzVXUlTJ/QLZlORPoVUxlBVPVy4OoOzfqBHdLyPF xUaL0TXsBbsztq4nYR+XRDkkILeYn/8x7w4FHFTETyE3oVWe6mfjJZ8CTsLk7oPhIw68 QPA9Yc1YyfAHsx2UYUppDdF5Il8pNK+WtVCRwT+VeDaq0iLooWuD8ekgl+EEUUYjMS95 Eb5FqsFNFXMPPPEN10D8ucOOK7KSAu6b3VCthiJNle0C9IxXCxT1+v392Y+NMD8RRZKP J86g== X-Gm-Message-State: ACrzQf33UUoHu9u8KwQ/CYtnGZuPuWyXIEgT+ngis2G30vnRM727NtFM Vpb3Pzjb9JAm1vMBOPocZSN5eRO+iHta/S8JMSf3Jg== X-Google-Smtp-Source: AMsMyM4GhTOiSpck5fgfAn3aCy6GKasO0v6cDqGOdsbbnVVT38TgYePC/iNSy37rUTKLEZCmuX6b9iBE9sqxWiFIBvA= X-Received: by 2002:a67:e005:0:b0:3aa:1eac:6879 with SMTP id c5-20020a67e005000000b003aa1eac6879mr4749430vsl.8.1666680876267; Mon, 24 Oct 2022 23:54:36 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Tue, 25 Oct 2022 08:54:25 +0200 Message-ID: To: Pedro Nacht Cc: internals@lists.php.net Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] Adding the OpenSSF Scorecards GitHub Action From: Danack@basereality.com (Dan Ackroyd) Hi Pedro, On Mon, 24 Oct 2022 at 19:06, Pedro Nacht via internals wrote: > > Hey Jordan, You seem to have responded to Jordan's tech questions, but I was really hoping for an answer to my more fundamental questions: Danack wrote: > What is the morality of open source? > What is the morality of encouraging people to contribute to open source? Though....perhaps we should start you off with an easier question. What is the morality of OpenSSF asking projects to add these scorecards to their projects? I'll even give you a hint; try describing the motivations of the OpenSSF (and it's backers) and how they differ from contributors to open source projects. cheers Dan Ack