Hi Daniel, I wanted to register a specific concern relative to the OK rating of the IN10 checklist item.
I will follow up with some more specifics, but didn't want this conversation to pass by with out registering a concern at this point. Thank you, On Thu, Mar 10, 2016 at 7:57 PM, James Thornton <[email protected]> wrote: > I just checked a few related/similar ASF projects to see how they have > implemented their security channel. > > For example, under the Apache Software Foundation menu on the Spark navbar, > there is a link to the ASF security page... > > - http://spark.apache.org/ > - http://www.apache.org/security/ > > - James > > On Tue, Mar 8, 2016 at 6:11 PM, Stephen Mallette <[email protected]> > wrote: > > > I just added a the source download link to the homepage and included a > link > > to the TinkerPop dev docs on how to build. It was there already in a > way, > > but the change i put in there makes it more obvious. I think we can check > > those two items off the list. > > > > I assume everyone is ok with using [email protected]? any thoughts on > > where we should include this information? is it something that has to be > on > > the home page? can it just be in our reference documentation? > > > > finally we do have at least one non-coding committer. so i guess that > once > > we settle on the security thing, we largely cover the maturity model > pretty > > well. > > > > On Tue, Mar 8, 2016 at 6:40 AM, Daniel Gruno <[email protected]> > wrote: > > > > > On 03/08/2016 12:37 PM, Stephen Mallette wrote: > > > > Nice Daniel - thanks for doing that.... > > > > > > > > As for CD30 note that we do have: > > > > > > > > > > > > > > http://tinkerpop.apache.org/docs/3.1.1-incubating/dev/developer/#_getting_started > > > > > > Then get it on the front page somehow - it's not enough that we have > the > > > document, it must also be accessible. > > > > > > > > > > > What's expected of QU30? I'm not sure I get that one... > > > > > > If someone finds a vulnerability in TinkerPop, they need a place to > send > > > their concerns. You can elect to have a security ML, or you can default > > > to the [email protected] list. Either way, visitors to the page > should > > > be able to find this information. > > > > > > With regards, > > > Daniel. > > > > > > > > > > > > > > > > > > > On Tue, Mar 8, 2016 at 6:12 AM, Daniel Gruno <[email protected]> wrote: > > > > > > > >> Hi folks, > > > >> As part of our considerations about graduating TinkerPop, I have > gone > > > >> through the ASF Maturity Model developed by Bertrand Delacretaz and > > > >> looked at areas where we need to improve. > > > >> > > > >> The preliminary assessment can be found at: > > > >> > https://github.com/Humbedooh/maturity_docs/blob/master/tinkerpop.adoc > > > >> > > > >> Please review the issues that are not yet okay and let's come up > with > > > >> ways to solve them :) > > > >> > > > >> With regards, > > > >> Daniel. > > > >> > > > > > > > > > > > > > > > > -- > James Thornton, *http://electricspeed.com <http://electricspeed.com>* >
