A recent suggestion I have taken to heart, is to annually remind the PMC and all dev list participants, to review
https://www.apache.org/theapacheway/ Since security of software has been a hot topic of late (since the Log4J CVEs in December) it is worth thinking about how ASF emphasis on healthy/vibrant and diverse project communities enhance security. This is at least partly because they can respond to security flaws meaningfully and rapidly.