Hi, On Fri, Jun 5, 2020 at 6:17 AM Tobias Soloschenko <tobiassolosche...@googlemail.com.invalid> wrote:
> Hi, > > to my opinion they just want to contribute to Wicket. I would simply > explain how the process of contribution works at ASF (PRs, etc.) and give > them some information what challenges we were faced with till now. > IMO we should explain that the CSP support has been already added in 9.x and to close this forgotten JIRA ticket. Then if they still think there are ways to improve the current implementation they are very welcome to contribute! @Andrew feel free to point them to this discussion. One can join at https://lists.apache.org/thread.html/rbd8b1500fff1140d136a08e35cf8c0f5cf200bf8a60b6a58204ef9a7%40%3Cdev.wicket.apache.org%3E > > kind regards > > Tobias > > > Am 05.06.2020 um 02:18 schrieb Andrew Kondratev <and...@kondratev.pro>: > > > > Hi colleagues! I just received this email. Not sure what this all means. > > > > ---------- Forwarded message --------- > > От: Santiago Díaz <sald...@google.com> > > Date: чт, 4 июн. 2020 г. в 21:47 > > Subject: Contribution - CSP support for Wicket > > To: <andru...@gmail.com> > > > > > > Hello Andrew, > > > > My name is Santiago, I'm a Security Engineer at Google. I am currently > > making preparations to receive a small group of interns for this summer's > > Google internships and found your email during the course of my research. > > > > *Context* > > Here at Google we have a lot of experience deploying security mechanisms > > (like Content Security Policy, Trusted Types, Fetch Metadata, > Cross-Origin > > Opener Policy and others) at scale. We understand the pains of designing > > strong security policies, finding blockers for their deployment and > > locating pieces of code that need refactoring. > > > > *Why are you receiving this email?* > > For this year's internships (and considering the current global > situation) > > we would like to contribute to selected open source projects, bringing > some > > of our experience to *encourage adoption of some of these security > > enhancements*. Wicket is one of the projects we have shortlisted and we'd > > be happy to collaborate with you! > > > > I found out that there is an ongoing discussion over at > > https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP > support in > > Wicket and that *you have been running some experiments on what that > would > > look like*. > > > > Having said that, it would be great if we could boost your work instead > of > > reinventing the wheel. As such, I would like to know if you'd be open to > > our contributions and if so, whether you'd be willing to give me some > > context on what has been done, what issues you've come across and whether > > you have any thoughts on what would be the best way for us to contribute. > > > > Thank you for reading and I'm looking forward to hearing from you! :) > > > > S. >
