Hi, to my opinion they just want to contribute to Wicket. I would simply explain how the process of contribution works at ASF (PRs, etc.) and give them some information what challenges we were faced with till now.
kind regards Tobias > Am 05.06.2020 um 02:18 schrieb Andrew Kondratev <and...@kondratev.pro>: > > Hi colleagues! I just received this email. Not sure what this all means. > > ---------- Forwarded message --------- > От: Santiago Díaz <sald...@google.com> > Date: чт, 4 июн. 2020 г. в 21:47 > Subject: Contribution - CSP support for Wicket > To: <andru...@gmail.com> > > > Hello Andrew, > > My name is Santiago, I'm a Security Engineer at Google. I am currently > making preparations to receive a small group of interns for this summer's > Google internships and found your email during the course of my research. > > *Context* > Here at Google we have a lot of experience deploying security mechanisms > (like Content Security Policy, Trusted Types, Fetch Metadata, Cross-Origin > Opener Policy and others) at scale. We understand the pains of designing > strong security policies, finding blockers for their deployment and > locating pieces of code that need refactoring. > > *Why are you receiving this email?* > For this year's internships (and considering the current global situation) > we would like to contribute to selected open source projects, bringing some > of our experience to *encourage adoption of some of these security > enhancements*. Wicket is one of the projects we have shortlisted and we'd > be happy to collaborate with you! > > I found out that there is an ongoing discussion over at > https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP support in > Wicket and that *you have been running some experiments on what that would > look like*. > > Having said that, it would be great if we could boost your work instead of > reinventing the wheel. As such, I would like to know if you'd be open to > our contributions and if so, whether you'd be willing to give me some > context on what has been done, what issues you've come across and whether > you have any thoughts on what would be the best way for us to contribute. > > Thank you for reading and I'm looking forward to hearing from you! :) > > S.
