Out of ethical disagreement they switched completely to Codeberg. And they are certainly not the only ones, given signaling on the fediverse by other EU citizens.
That might be true, but many of the mirrors are unofficial.
If you're trying to come up with something like the "criticality score" based on repo metadata like the OpenSSF, you're likely to fail just like they did. Starting with Debian's popcon data makes a lot more sense, in my opinion.
(or at least Codeberg, SourceHut, etc.)
Maybe giving money to the endowment gives you a vote? (Kills two birds with one stone.)
https://github.com/osendowment/model
Happy to have you join us there to iterate on the model. We do prioritize input from paid-up members ofc. ;^)
I guess this is the core of the plan and will not change?
Because I was thinking about projects like OpenStreetMap, which are generating very useful data used by various open source projects, but are not by themselves gathering a very big pile of dependencies.
I guess that those would be out of scope.
(note: for OpenStreetMap itself I have a gigantic conflict of interest, I received some OSM-related grants for software development)
Pay-to-play, this reinforces the SV mindset underpinning all of this.
Strongly recommend you revise this if you are trying to present yourself as egalitarian. Feedback and suggestions for improvement ought to be considered on the merits, not who it came from, especially if money is the differentiator. (setting aside the natural reputation-based weighting)