mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
bc5d7a8d4b
* Improve text on Packaging Make various improvements to the text on packaging. * The original text assumes that only software developers install software packages, which is absurd; end-users install software packages all the time. * The original text seemed to assume that there are only language-level packages, but system-level packages & containers are a thing :-). At least acknowledge them. Also, this doesn't make sense in some cases (e.g., software specific to one website that's updated through commits, or IoT software where there are no "packages" - you upload the entire image); that should be admitted. * Fix main text to stop using "you/your" to mean "project developer". There are at least two *different* readers: (1) developers of the project being measured and (2) potential users of the project being measured. Many users of scorecard will be #2, they'll reading scorecard results to decide if they want to use the software being measured. So don't say "you" and assume that "you" means project developers. I left "you" meaning "project developers" inside remediation, under the assumption that this was remdediation text for project developers. To be fair, *users* of software can also sometimes take remediation steps; that might be worth adding as its own section if we text to add there (e.g., `user_remediation`). I have intentionally not run `make generate-docs` as that would add other irrelevant changes. Instead, after this PR is accepted there should be a `make generate-docs` & a pull of *that*. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> * Add note about filing an issue Add note about filing an issue if scorecard fails to detect the packaging mechanism, per review by @naveensrinivasan (thanks!). Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> |
||
|---|---|---|
| .. | ||
| checks | ||
| checks.md | ||