Gather information and metrics into a single resource that can be used to assess the state of an Eclipse Open Source Project
We have various services that provide us with information that we can use to do a health check. I'm thinking that if we have a resource that pulls as much of this information as possible into one place, we can apply some simple heuristics to determine whether or not an Eclipse open source project is doing the right sorts of things to be successful.
For example:
- We can use the Projects API to query to determine how many project leads and committers a project has. Having no project leads is a problem. There is some threshold of committers, below which we can consider it a problem.
- We can use the Bitergia data to determine how active a project is. We can also use that data to determine how many of the committers are active, how many non-committer contributors are participating, how many pull/merge requests, etc.
- We can use the Bitergia data to determine whether or not the project is engaging with their community on various channels (does the dashboard track activity in GitHub discussions?)
- We can determine whether or not a project is engaged in the IP due diligence project by checking to see whether or not they have created any IP Issues. The age of the project might help us sort out what might be a reasonable threshold (count): that is, an established project with little or no IP activity is not likely as big a problem as a new project with little or no IP activity.
- We should be able to query whether or not the project has contributed an SBOM.
- We know how to scan project repositories to look for legal documentation.
Also...
- We might be able to use Andre's IP tool to run a rudimentary IP scan to see if there are outstanding IP issues. If the tool does not find any build scripts, then that is a cue to look harder at the project.
- We should consider creating a process (with a means of tracking results that we can contribute into this health check) to formally review licence compatibility within a project.
- We may be able to engage in some sort of rudimentary scan to see whether or not a project's trademarks are being used correctly by the project itself.
We should also consider how we can leverage AI (Gemini) to help.
Just the above should give us a lot to go on.
My thinking is that, based on the results, we should be able to determine how hard we need to look at a project when it comes time for a progress review. A project that hits all of the "buttons" could just get a rubber-stamp to proceed (for example).
We can also use these results as a basis to award various badges, identify projects that are suitable for inclusion in marketing outreach (that is, we advertise our "good citizens") and whatnot.