Thanks for sharing. This is exciting news and I'm happy to see this!

On Tue, Nov 7, 2023 at 10:40 AM Jarek Potiuk <ja...@potiuk.com> wrote:

> Hello everyone,
>
> I wanted to share some news (not so much news for us but - it's just now
> reached publication stage) that we have nice security / release process
> improvements on-going in Apache Airflow - with several months of work
> funded by the Sovereign Tech Fund - German government backed fund that aims
> to improve Open Source software.
>
> You can read a nice blog post we wrote with Pierre at the ASF blog about it
> [1] and social media posts are following.
>
> In short - several of us banded together and applied to the Sovereign Tech
> Fund as a group of individuals who committed to working on improving
> Airflow security. And we've got the grant for it. You should see
> the efforts coming from those individuals - we are much more focused on the
> Security improvements for the last few months and upcoming few months.
>
> You will see results of it by more security advisories but also by
> improvements in our processes and some more automation, we are generally
> preparing for the future where software development will be more regulated
> in terms of security - both EU and US are very advanced in passing new
> regulations that will affect all kinds of software - including open-source
> software and we want to be ahead of the game, not only following but also
> setting the standards for the industry.
>
> The importance of Airflow has been recognized - we've been selected by STF
> as one of 10 most important projects they decided to fund (and they had
> many, many applications).
>
> Security is something that has been pretty close to my heart for quite some
> time and we've already started to rethink our security approach before
> that. We formed quite a bit more focused security team earlier this year -
> which resulted in improving our security policy [2], Security model [3]
> and more formal and organized approach to our Security team [4]. But with
> the STF funding we can double-down on the efforts and spend much more time
> and focus by several of us to improve and iterate over processes and tools
> we are using.
>
> Stay tuned for more security related news from Airflow.
>
> [1] https://news.apache.org/foundation/entry/strengthening-security-for-apache-airflow
> [2] https://github.com/apache/airflow/security/policy
> [3] https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html
> [4] https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#security-team