Hi Santiago, Feel free to follow Wicket dev community discussion on this subject at https://lists.apache.org/thread.html/rbd8b1500fff1140d136a08e35cf8c0f5cf200bf8a60b6a58204ef9a7%40%3Cdev.wicket.apache.org%3E
чт, 4 июн. 2020 г. в 21:47, Santiago Díaz <sald...@google.com>: > Hello Andrew, > > My name is Santiago, I'm a Security Engineer at Google. I am currently > making preparations to receive a small group of interns for this summer's > Google internships and found your email during the course of my research. > > *Context* > Here at Google we have a lot of experience deploying security mechanisms > (like Content Security Policy, Trusted Types, Fetch Metadata, Cross-Origin > Opener Policy and others) at scale. We understand the pains of designing > strong security policies, finding blockers for their deployment and > locating pieces of code that need refactoring. > > *Why are you receiving this email?* > For this year's internships (and considering the current global situation) > we would like to contribute to selected open source projects, bringing some > of our experience to *encourage adoption of some of these security > enhancements*. Wicket is one of the projects we have shortlisted and we'd > be happy to collaborate with you! > > I found out that there is an ongoing discussion over at > https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP support > in Wicket and that *you have been running some experiments on what that > would look like*. > > Having said that, it would be great if we could boost your work instead of > reinventing the wheel. As such, I would like to know if you'd be open to > our contributions and if so, whether you'd be willing to give me some > context on what has been done, what issues you've come across and whether > you have any thoughts on what would be the best way for us to contribute. > > Thank you for reading and I'm looking forward to hearing from you! :) > > S. >
