[Cryptography-dev] Is this "pyopenssl" update code reviewed?
simtiaz at ncsu.edu
Wed Oct 5 11:26:41 EDT 2022
Hi,

I am a PhD student from NC State University researching software supply chain security, specifically the secure use of third-party open source packages. As part of our research, we have developed an update audit tool, Depdive <https://github.com/nasifimtiazohi/depdive>, that can analyze if the changes in a package update have passed through a code review process. As part of an empirical evaluation, we studied the update from version 17.5.0 to version 18.0.0 of your package pyopenssl <https://github.com/pyca/pyopenssl>.

As per our analysis, the update consists of 9 new commits. We determined that all of the commits were reviewed by a second developer. Details for each commit and the reasoning on how we determined if a commit was reviewed are provided in the attached CSV file.

We are reaching out to you as the maintainer(s) of pyopenssl, to evaluate if you agree with our analysis. We invite you to fill out this short survey <https://forms.gle/LBwTcNs2tgHdHVwBA> to provide your opinion. The survey should take five minutes at the maximum. Please also fill out the unique ID 15678 for the update discussed in this email to help us track responses.

We thank you for maintaining a great open source package. We would be grateful if you help our research on how downstream users can use third-party packages, like yours, securely in their supply chain. Don't hesitate to contact me if you have any questions regarding this survey or our research in general. More details on our study can be found in our current paper draft <https://arxiv.org/pdf/2206.09422.pdf>.

Nasif Imtiaz
PhD Student
NC State University
nasifimtiazohi.github.io
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20221005/c7fb211b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pyopenssl_commit_review_stats.csv
Type: text/csv
Size: 1450 bytes
Desc: not available
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20221005/c7fb211b/attachment.csv>