📖 Use scorecard (singular) consistently #2428
Conversation
lehors
requested review from
olivekl,
azeemshaikh38,
justaugustus,
laurentsimon,
naveensrinivasan and
spencerschrock
as code owners
lehors
changed the title
|
Integration tests success for |
|
Thanks for bringing this up! I'd like to open it for discussion so we can codify whether it's Scorecards or Scorecard going forward. My understanding is that:
I slightly prefer Scorecards but realize that consistency with the repo name and commands using scorecard (singular) is probably most important. |
+1 |
Important to note, especially because I haven't seen it mentioned elsewhere, is that there is a company called SecurityScorecard.
|
Yes, good point. I've seen it cause confusion at least once among maintainers. Someone recommended Scorecards Action and the repo badge to a project, and the maintainers responded that they weren't interested in displaying a badge linked to a security consulting company. |
|
For what it's worth, I think it would make sense to use "Scorecards" for the project name and "scorecard" for the tool, conveying the idea that the project is about the production of scorecards (for many projects) and that the tool just produces one scorecard. This would require a much more careful update of the docs to comb through all the instances and figure out which one it refers to though. When it comes to the collision with the security company one way to address it is to prefix the name with OpenSSF. This is how many open source projects avoid having to register trademarks for all of their projects. They only need to trademark the prefix. In this case you'd have to use "OpenSSF Security Scorecard". Note that you don't need to use this long form every single time. It typically suffices to do so on the first instance, like in the title of the README.md |
|
Hey, how about dropping Security altogether and simply calling it "OpenSSF Scorecard", and "Scorecard" for short? That would solve the possible conflict with the company SecurityScorecard for sure and I don't think there would be any possible confusion as to what it is about. |
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #2428 +/- ##
=======================================
Coverage 40.70% 40.70%
=======================================
Files 115 115
Lines 9593 9593
=======================================
Hits 3905 3905
Misses 5409 5409
Partials 279 279 |
|
Integration tests success for |
There's the domain name (securityscorecards.dev) to consider, but I'm fine with dropping "Security" and sticking with "OpenSSF Scorecard(s)". That still leaves the singular-vs-plural question. @azeemshaikh38 @laurentsimon @brianrussell2 can you weigh in? |
|
Thanks. Let me add that, given that the repo and the binary are called "scorecard" and (I assume) nobody wants to disrupt everything by changing either of those we cannot get rid of the singular form. So, the options are:
I don't mind updating the PR to do the latter if that's what the maintainers prefer but I honestly don't think it's worth the trouble. |
|
Integration tests success for |
|
Sorry for the delayed response here. Thanks @lehors for starting this. My vote would be for the consistent usage of the singular term - @justaugustus @laurentsimon @naveensrinivasan @olivekl @spencerschrock please vote and provide your inputs. Let's aim to get a majority vote on this soon and try to get this merged in. Can also use the bi-weekly call if needed too. |
|
As someone who came late (2022) to the project, I've always heard and referred to it as Scorecard, so my vote is consolidating on the singular. I think That said, scorecard is a common term, so I'm also in favor of clarifying with OpenSSF Scorecard where relevant. |
I feel better about consolidating around Scorecard knowing that we can move to scorecard.dev, even if it takes some time to get there. It's a better domain, especially given the Security Scorecards confusion mentioned earlier. I vote to use Scorecard going forward and to try to get that migration underway when possible. We could also add a question to the FAQ to clarify (since there are so many blog posts out there calling it Scorecards that will live on even after we update documentation). |
Signed-off-by: Arnaud J Le Hors <[email protected]>
Also rebased. Signed-off-by: Arnaud J Le Hors <[email protected]>
lehors
force-pushed
the
scorecards-cleanup
branch
from
5e67ab4 to
a727cf3
Compare
|
Integration tests success for |
|
I changed the name to OpenSSF Scorecard in the README and CONTRIBUTING files as well as added a FAQ entry. |
|
"Copyright 2022 OpenSSF Scorecard Authors" looks ok to me. |
|
@spencerschrock @laurentsimon @justaugustus please do chime in on this. We have 2 votes for OpenSSF Scorecard (singular) so far. Will wait for one more +1 before getting this merged. |
Already replied above in favor. Not sure if you were counting me as one of the two votes |
|
👍 |
There was a problem hiding this comment.
@lehors -- Thanks for the work on this!
Adding an approval via GitHub to merge this in.
|
@olivekl -- you'll need to approve as well as docs |
|
Integration tests success for |
* Use scorecard (singular) consistently * Use OpenSSF instead of Security in name and add FAQ entry
|
FYI this change in pkg/scorecard.go was a breaking change, should've gone into a new major Semver - or at least have a deprecated alias. |
Signed-off-by: Arnaud J Le Hors [email protected]
What kind of change does this PR introduce?
Improvement
What is the current behavior?
Both "scorecards" and "scorecard" are used.
What is the new behavior (if this is a feature change)?**
"scorecard" is used consistently, with a couple of exceptions that would require a breaking change:
https://api.securityscorecards.dev/...
https://slack.openssf.org/#security_scorecards
Which issue(s) this PR fixes
Fixes #2427
Special notes for your reviewer
This change is not strictly limited to the documentation because it also changes a couple of lines of code to use "RunScorecard" instead "RunScorecards" for consistency.
Does this PR introduce a user-facing change?
The singular form "scorecard" is now used consistently.