Jeff Triplett on Nostr: 🤔 Any security scorecard that requires you to link to the security scorecard to ...
🤔 Any security scorecard that requires you to link to the security scorecard to get a higher value is bullshit. 💩
👎 The same goes for any scorecard that is not opt-in that puts the burden 100% on the open source project without paying (time or money) for >0% of the work to improve the project is also bullshit. 💩
Published at 2024-11-20 16:41:52 UTC
Event JSON
{
"id": "470ca89acfa84bf36016db547087031473543cfdbe2f1d4b6f7cd5a897439695",
"pubkey": "9c031ba3d4464f56ce895aff6098269c9ed4ff45f2a256ac82aca11db5ca97fe",
"created_at": 1732120912,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/@webology/113516276124097279",
"web"
],
[
"proxy",
"https://mastodon.social/users/webology/statuses/113516276124097279",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/webology/statuses/113516276124097279",
"pink.momostr"
],
[
"-"
]
],
"content": "🤔 Any security scorecard that requires you to link to the security scorecard to get a higher value is bullshit. 💩\n\n👎 The same goes for any scorecard that is not opt-in that puts the burden 100% on the open source project without paying (time or money) for \u003e0% of the work to improve the project is also bullshit. 💩",
"sig": "c8db737320911a7158108befda0c37fe575fa93bf2c5fe52b47c4d4b946d26f6839bb30402e70bac18c883a1501711ceefda12abdee1ab2d0911890f77951196"
}