+1 On Fri, 5 Jun 2020 at 10:17, Tobias Soloschenko <tobiassolosche...@googlemail.com.invalid> wrote:
> Hi, > > to my opinion they just want to contribute to Wicket. I would simply > explain how the process of contribution works at ASF (PRs, etc.) and give > them some information what challenges we were faced with till now. > > kind regards > > Tobias > > > Am 05.06.2020 um 02:18 schrieb Andrew Kondratev <and...@kondratev.pro>: > > > > Hi colleagues! I just received this email. Not sure what this all means. > > > > ---------- Forwarded message --------- > > От: Santiago Díaz <sald...@google.com> > > Date: чт, 4 июн. 2020 г. в 21:47 > > Subject: Contribution - CSP support for Wicket > > To: <andru...@gmail.com> > > > > > > Hello Andrew, > > > > My name is Santiago, I'm a Security Engineer at Google. I am currently > > making preparations to receive a small group of interns for this summer's > > Google internships and found your email during the course of my research. > > > > *Context* > > Here at Google we have a lot of experience deploying security mechanisms > > (like Content Security Policy, Trusted Types, Fetch Metadata, > Cross-Origin > > Opener Policy and others) at scale. We understand the pains of designing > > strong security policies, finding blockers for their deployment and > > locating pieces of code that need refactoring. > > > > *Why are you receiving this email?* > > For this year's internships (and considering the current global > situation) > > we would like to contribute to selected open source projects, bringing > some > > of our experience to *encourage adoption of some of these security > > enhancements*. Wicket is one of the projects we have shortlisted and we'd > > be happy to collaborate with you! > > > > I found out that there is an ongoing discussion over at > > https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP > support in > > Wicket and that *you have been running some experiments on what that > would > > look like*. > > > > Having said that, it would be great if we could boost your work instead > of > > reinventing the wheel. As such, I would like to know if you'd be open to > > our contributions and if so, whether you'd be willing to give me some > > context on what has been done, what issues you've come across and whether > > you have any thoughts on what would be the best way for us to contribute. > > > > Thank you for reading and I'm looking forward to hearing from you! :) > > > > S. > -- Best regards, Maxim
