Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://sauropods.win/@mike" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mike</span></a></span> I think a lot of <a href="https://infosec.space/tags/metrics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>metrics</span></a> re <a href="https://infosec.space/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>software</span></a> and espechally <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FLOSS</span></a> are bs.</p><ul><li><p><a href="https://infosec.space/tags/LinesOfCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinesOfCode</span></a> incentivize <a href="https://infosec.space/tags/messy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>messy</span></a> and convoluted source.</p></li><li><p><a href="https://infosec.space/tags/PullRequests" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PullRequests</span></a> incentivize a shitload of micro-corrections and "code cleanups" that aren't productive.</p></li><li><p><a href="https://infosec.space/tags/Stars" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stars</span></a> incentivize <a href="https://infosec.space/tags/StarFarming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>StarFarming</span></a>. </p></li><li><p><a href="https://infosec.space/tags/Pulls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pulls</span></a> incentivize <a href="https://infosec.space/tags/Botting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Botting</span></a>. </p></li><li><p><a href="https://infosec.space/tags/Sponsors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sponsors</span></a> incentivize <a href="https://infosec.space/tags/Smurfing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Smurfing</span></a> &amp; <a href="https://infosec.space/tags/Sockpuppeting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sockpuppeting</span></a>. with <em>alt accounts</em></p></li><li><p>same with <a href="https://infosec.space/tags/Contributor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Contributor</span></a> Numbers and Number of Contributions.</p></li><li><p>Frequency of Commits and changes incentivize constantly pushing empty commits as a sort-of-heartbeat.</p></li><li><p><a href="https://infosec.space/tags/Forks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Forks</span></a> doesn't say jack shite (in fact I know companies that do run a git mirror that regularly pulls repos from some public projects of mine.</p></li><li><p><a href="https://infosec.space/tags/Donations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Donations</span></a> and <a href="https://infosec.space/tags/Funding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Funding</span></a> <em>- if any exists at all -</em> only supports massive projects and orgs and not necessarily key components that they too rely upon!</p></li></ul>