Comment by nwellnhof
1 day ago
Concrete examples: GNU software, musl C library, everything from x.org and freedesktop.org. Just have a look at the top 1,000 projects from the Debian popularity contest and you'll find many projects outside the Github bubble. Why not use the Debian package name in your nomination form instead of a Github URL? Any project important enough to matter will have a Debian package, right?
If you're trying to come up with something like the "criticality score" based on repo metadata like the OpenSSF, you're likely to fail just like they did. Starting with Debian's popcon data makes a lot more sense, in my opinion.
Thanks, captured here: https://github.com/osendowment/endowment.dev/issues/34#issue...
I'd encourage you to look at the Software Heritage archive as an example of the broader diversity in software sources outside of GitHub. Even that doesn't cover everything, because many repos aren't yet archived there, and there are repo formats not yet supported, and code not in repos, and people that refuse/block archiving of their code.
Debian definitely doesn't package every piece of software that needs funding.