Hi, These are very good points! I also noticed the security incident reporting when I reviewed it and I agree that it's something we have to work out.
I will work on something tomorrow and provide a draft for the community to review. Do you think it's really necessary to have a separate email alias or is it sufficient to use private@? Best regards, Marco Lieven Govaerts <l...@apache.org> schrieb am Sa., 5. Okt. 2019, 09:44: > Hi, > > On Sat, 5 Oct 2019 at 01:46, Sheng Zha <zhash...@apache.org> wrote: > > > Hi, > > > > It's time to revisit the Apache maturity model for MXNet and see where we > > are with respect to graduation. Qing and I updated the maturity model in > > the wiki [1]. Comments are welcome. > > > > > for "QU30: The project provides a well-documented channel to report > security issues, along with a documented way of responding to them.", you > point to this page: > https://mxnet.incubator.apache.org/api/faq/security. However, > that page doesn't contain any information on how to contact the project to > report a security issue privately. > > Is there a secur...@mxnet.incubator.apache.org mailing list? > I don't see any information on the Contribution page that explains how > security issues should be reported differently from a normal issue, so for > me this is an open TODO. > > What does "Apache-2.0 (partial)" mean for dmlc-core? The github project > indicates it's ASLv2 licensed, so what it 'partial' about it? > > regards, > > Lieven > > > > > -sz > > > > [1] https://cwiki.apache.org/confluence/x/lQqQBQ > > >
