I am working on several projects monitoring recent uploads PyPI, RubyGems, and CPAN and analyzing them.
One of the most basic items I am looking for is a link to their public VCS on GitHub, GitLab, or elsewhere.
It turns out that a large percentage of them do NOT link to their public VCS.
When I have time I try to track down the repository and either open an issue or send a Pull-Request to change the meta-data of the project to include the link.
Sometimes I even send an e-mail to the authors asking if they have public VCS.
Some tell me they either don't have a public VCS (or no VCS at all). For some I find out that the repository is not up-to-date. eg. in this project I was told the project is internal to some organization.
Are they Open Source?
I wonder, are such project still open source? They might have an OSI approved license, but can someone really access the source code and make changes to the project in a reasonable way?
See point 2. in the Open Source definition
Strictly speaking there is no requirement to have a public VCS, but there is a requirement to have easy access to the source code and to make it possible to change the source code. Do these distribute packages satisfy this requirement?