vy commented on issue #3604: URL: https://github.com/apache/logging-log4j2/issues/3604#issuecomment-2804252632
We had enabled Scorecards, and it helped with 1. Creating a maintenance burden (Remember how many times we needed to fix its CI workflow?) 2. Bringing literally no value by any means > A Scorecard for Apache Log4j is computed anyway, since [Scorecards are computed for 1 million critical projects](https://github.com/ossf/scorecard?tab=readme-ov-file#public-data). Right, and hence, I don't see the reason to duplicate that work. Users interested in Log4j's Scorecards, can find it anyway. > we have more control on what the public sees Do you imply that OSSF is manipulating the scores? Or, we can manipulate the scores as we see fit? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
