FOSSA - Now we need feedback by the real experts

Nico Rikken nico.rikken at
Mon Jul 11 21:44:42 UTC 2016

Just wanted to give a shout out for this important topic. I recognize
the concerns addressed in the commentaries, and can certainly agree
with them.

I find it hard to formulate concrete missteps based on the write-ups,
even though the general spirit of the recommendations provided
certainly smells. The License table was a good laugh.
I afterwards briefly looked over the WP1-04 and it's like a different
world. Apparently nobody does code reviews, and Debian has no security
team. Also there are way too many N/A's.
Despite some discussion on the formal details of the best-practice
definitions, the vibe I get is that Open Source Software should not be
trusted. You know, important people have been saying that for years,
and with this document as proof, perhaps FOSS is indeed shit, and we
should stop using it altogether. ;)

Can we maybe crowdsource some of the checkmarks like tools and
practices? Perhaps we can show what FOSS is really all about.

I'll probably take a closer look in the coming days. For now I would
like to encourage anyone on this list to get outraged on the results so

Thanks Matthias, Mirko, and all others involved.

Kind regards,