
Add new metric -- normalize to one version: How many versions of one open source component do you adopt in your project? #112

Open
king-gao opened this issue Nov 18, 2020 · 9 comments

Comments

@king-gao
Member

As we know, open source components are integrated into many projects. When we use open source components, a project may integrate more than one version of the same component. In this situation there are several issues:

  • Security: when a vulnerability is published, we need to fix it many times, because many versions share the same vulnerability;
  • User experience: if there are more versions of one component in a project, the software package size gets bigger, which is a disadvantage when we install, deploy and deliver the package;
  • Governance: if there are more versions of one component in a project, the open source BOM gets longer (especially in a big project), and it is more difficult to manage the project;
  • Developer experience: more than one version increases complexity when we code, in test coverage, in build scripts, etc.
The conclusion: the best practice is one component, one version.

So, can we define a metric for "normalize to one version" in a project to evaluate the health of the project, like the following?

| name    | number of versions | versions                |
|---------|--------------------|-------------------------|
| openssl | 3                  | 1.1.1, 0.9.8, 1.1.1c    |
| zlib    | 2                  | 1.2.9, 1.2.11           |
| json    | 1                  | 3.9.1                   |
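As an added illustration (not code from the CHAOSS project or this issue's author), the script below computes the proposed metric from a component list. It assumes the input is a CycloneDX-style JSON SBOM in which each entry in `components` carries `name` and `version`; the SBOM fragment and all function names are constructed for this example. Beyond the table above, it also reports the share of components that satisfy "one component, one version" and how many distinct versions would need a fix if an advisory for a given component were published.

```python
import json
from collections import defaultdict

# Constructed CycloneDX-style SBOM fragment (only the name/version fields this
# example reads). It is sample data, not an SBOM from any real project.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "components": [
    {"name": "openssl", "version": "1.1.1"},
    {"name": "openssl", "version": "0.9.8"},
    {"name": "openssl", "version": "1.1.1c"},
    {"name": "zlib",    "version": "1.2.9"},
    {"name": "zlib",    "version": "1.2.11"},
    {"name": "zlib",    "version": "1.2.9"},
    {"name": "json",    "version": "3.9.1"}
  ]
}
"""


def load_components(sbom_json):
    """Return (name, version) pairs from the SBOM; entries without a version are skipped."""
    doc = json.loads(sbom_json)
    pairs = []
    for comp in doc.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if name and version:
            # Normalise the name so "OpenSSL" and "openssl" count as one component.
            pairs.append((name.strip().lower(), version.strip()))
    return pairs


def versions_per_component(pairs):
    """Distinct versions per component; a version listed twice counts once."""
    found = defaultdict(set)
    for name, version in pairs:
        found[name].add(version)
    # Versions are sorted as plain strings, not by semantic-version order.
    return {name: sorted(v) for name, v in found.items()}


def one_version_report(sbom_json):
    """Rows (name, number of versions, versions), sorted by name, like the table in the issue."""
    per = versions_per_component(load_components(sbom_json))
    return [(name, len(v), v) for name, v in sorted(per.items())]


def multi_version_components(sbom_json):
    """Components that violate 'one component, one version'."""
    return [name for name, n, _ in one_version_report(sbom_json) if n > 1]


def one_version_ratio(sbom_json):
    """Share of components shipped in exactly one version (1.0 is the ideal)."""
    rows = one_version_report(sbom_json)
    if not rows:
        return 1.0
    return sum(1 for _, n, _ in rows if n == 1) / len(rows)


def patch_points(sbom_json, component):
    """Number of distinct versions of `component` that would each need a fix
    if a vulnerability affecting that component were published."""
    per = versions_per_component(load_components(sbom_json))
    return len(per.get(component.strip().lower(), []))


if __name__ == "__main__":
    print(f"{'name':<10}{'versions':<10}list")
    for name, n, v in one_version_report(SAMPLE_SBOM_JSON):
        print(f"{name:<10}{n:<10}{', '.join(v)}")
    print("one-version ratio:", round(one_version_ratio(SAMPLE_SBOM_JSON), 2))
    print("multi-version components:", multi_version_components(SAMPLE_SBOM_JSON))
```

On the sample SBOM the report reproduces the three rows of the table, the one-version ratio is 1/3 (only `json` is clean), and an advisory against OpenSSL would have to be fixed at three separate versions.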
@MohitPatni0731

Can I work on this issue?

@germonprez
Contributor

Thanks for your interest @MohitPatni0731. Certainly, you can help. I'm not sure if you have been following how we make metrics but understanding the workflow might help a bit. In the project, we are on a bit of a break because of the holidays. We will resume our work more consistently in 2021.

@MohitPatni0731

Actually, I've just started my journey in Computer Science, and in the past few days I've been looking for an open source organisation that matches my skills. One day I came to know about CHAOSS, and I find it very interesting, as this organization has a great vision regarding community health.
So far I have expertise in Python, HTML, CSS and JavaScript.
So can you suggest or provide me further information about a project to which I can contribute for a longer time and which matches my skill set?

@germonprez
Contributor

Hi @MohitPatni0731, I might suggest you check out one of the CHAOSS software projects: Augur

https://github.com/chaoss/augur

This is a piece of software that uses Python to collect and display data that helps in the discovery of open source community health. I'm also tagging @sgoggins, who manages the Augur team.

@MohitPatni0731

Thanks @germonprez for your help.

@MohitPatni0731

Can I work on this project (Metrics) also?

@germonprez
Contributor

germonprez commented Dec 21, 2020 via email

@king-gao
Member Author

Hi, @MohitPatni0731. Of course, we welcome you to join us.
If you are interested in metrics, there are many working groups, for example Risk, Common, Evolution, Value, D&I, App Ecosystem, etc.
If you are interested in coding, there are also some tools; as @germonprez mentioned, Augur is a good choice.
And if you are interested in this issue, you can talk with us :)

@MohitPatni0731

MohitPatni0731 commented Dec 21, 2020

Thanks for the advice @king-gao.
Also, I want to know whether there are any non-coding projects as well.
