OpenSSL Cryticality Score

Nicola Tuveri nic.tuv at gmail.com
Fri Dec 11 09:54:30 UTC 2020


On Fri, Dec 11, 2020 at 11:23 AM Matt Caswell <matt at openssl.org> wrote:
>
>
> Actually according to the spreadsheet we are 5th (not 6th) - line 1 in
> the sheet is the title row. Linux takes 2 of the top spots, with git and
> php taking the other spots ahead of OpenSSL.


Good, it's good that the double review process catches my off-by-one
errors also on the mailing list ;)

>
>
> Not sure I understand the "Releases (last yr)" column which says we did
> 41 releases - that's a number I can't reconcile with the actual number
> of releases we did.
>

https://github.com/ossf/criticality_score/blob/59e449d5598de4f27a83070297e5779a4a3407b2/criticality_score/run.py#L96-L114

It seems to be an estimate based on the number of tags, as we don't do
github releases:

```
RELEASE_LOOKBACK_DAYS=365
(total_tags / days_since_creation) * RELEASE_LOOKBACK_DAYS
```

This is definitely skewed by considering the project 95 months old
(2887 days) instead of ~264 months (8026 days).


Nicola


More information about the openssl-project mailing list