Is this "opencensus" update code reviewed?

sim...@ncsu.edu

Oct 4, 2022, 12:17:58 PM
to census-d...@googlegroups.com

Hi,

I am a PhD student from NC State University researching software supply chain security, specifically the secure use of third-party open source packages. As part of our research, we have developed an update audit tool, Depdive, that can analyze if the changes in a package update have passed through a code review process. As part of an empirical evaluation, we studied the update from version 0.7.7 to version 0.7.8 of your package opencensus.

As per our analysis, the update consists of 2 new commits. We determined that all of the commits were reviewed by a second developer. Details for each commit and the reasoning on how we determined if a commit was reviewed are provided in the attached CSV file.

We are reaching out to you as the maintainer(s) of opencensus, to evaluate if you agree with our analysis. We invite you to fill out this short survey to provide your opinion. The survey should take five minutes at the maximum. Please also fill out the unique ID 25474 for the update discussed in this email to help us track responses.

We thank you for maintaining a great open source package. We would be grateful if you help our research on how downstream users can use third-party packages, like yours, securely in their supply chain. Don't hesitate to contact me if you have any questions regarding this survey or our research in general. More details on our study can be found in our current paper draft.

Nasif Imtiaz
PhD Student
NC State University
nasifimtiazohi.github.io

opencensus_commit_review_stats.csv