potiuk commented on PR #2186:
URL: https://github.com/apache/activemq/pull/2186#issuecomment-4882691125

   `mattrpav` thanks for jumping in and for the first-pass edits — much 
appreciated.
   
   Two equally-good ways to handle this; pick whichever is less friction for 
you:
   
   **Option A — just answer inline (easiest).** Drop a comment on this PR with 
one line per §14 question: *confirm / correct / strike*. That's genuinely all 
we need — I fold the answers into `THREAT_MODEL.md` and push the revision back 
to this branch, so the PMC never has to touch the doc mechanics. This is how 
most projects have done it (examples below).
   
   **Option B — edit the doc directly** in the branch, if you'd rather own the 
wording. The mechanics for that are below.
   
   **On the "leave the references or remove them?" question — leave them, just 
flip the tag.** The provenance tags are load-bearing (they tell the scan agent 
and future readers which claims the PMC has *ratified* vs. which are still our 
guess), so they stay for the life of the doc. What changes per answered 
question is three small things:
   
   1. Flip every matching `*(inferred — see §14 Qn)*` tag in the body to 
`*(maintainer)*` (or to `*(documented — <cite>)*` if it turns out a project doc 
already says it).
   2. Fold the substance of your answer into the surrounding prose if it 
corrects or sharpens the claim.
   3. Retire the §14 question itself once it's fully resolved — that numbered 
entry is scaffolding and *does* get removed (or struck). The tag in the body is 
what persists.
   
   So: references-in-the-body stay (re-tagged); the §14 question goes away.
   
   **Worked example — moving Q9 (peer broker) from inferred → confirmed.**
   
   The claim today, in §2, reads:
   
   > - **Peer broker (authenticated but adversarial):** the other end of a 
network-of-brokers link. Holds a legitimate identity but can behave 
arbitrarily. *(inferred — see §14 Q9)*
   
   and §14 Q9 asks whether ActiveMQ provides any cross-link safety guarantee or 
whether a malicious peer is wholly the operator's trust decision.
   
   Say the PMC answers: *"No cross-link authorization guarantee — a 
compromised/malicious peer is the operator's trust decision."* After folding 
that in, the §2 bullet becomes:
   
   > - **Peer broker (authenticated but adversarial):** the other end of a 
network-of-brokers link. Holds a legitimate identity but can behave 
arbitrarily; the broker provides **no forwarded-message authorization 
guarantee** across the link, so a compromised peer is the operator's trust 
decision. *(maintainer)*
   
   …and §14 Q9 is deleted. That's the whole transformation — tag flips, the 
answer's substance lands in the prose, question retires. A one-line "Q9: 
confirmed, no cross-link guarantee" from you produces exactly that edit on my 
end.
   
   **A few past models where this played out**, if it helps to see the pattern:
   
   - **apache/creadur-rat#677** — Claudenw asked this exact question ("we 
answer questions and push the resulting file?"); the thread walked each item, 
and answered ones became `(maintainer)` (e.g. the archive-OOM gap, XXE 
hardening, the custom-matcher trust surface).
   - **apache/helix#3148** — junkaixue confirmed a batch inline (helix-rest 
ships auth-less by default, ZK access is ZK-gated, gateway/agent are 
pluggable); all folded in as `(maintainer)` in one push.
   - **apache/drill#3052** — cgivre *corrected* an inferred call (the 
`contrib/` plugins are in-scope, not out) and added a KNOWN-NON-FINDING for 
storage enumeration — a good example of the "correct / strike," not just 
"confirm," path.
   
   No rush on any of it — one line per question whenever you have a moment is 
plenty. Happy to fold as they come in rather than waiting for all ten.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact


Reply via email to