On 01/15/2015 02:47 AM, Bertrand Delacretaz wrote:
> On Wed, Jan 14, 2015 at 8:29 PM, Phil Steitz <[email protected]> wrote:
>> ...QO30 - do we really want individual projects to have / advertise
>> their own ways to take security reports?...
>
> We do not want that, agreed, but as I want the model to be usable by
> non-Apache projects as well I'm trying to focus on the core principles
> in the model, and leave the Apache specifics to footnotes.
>
> I have added a footnote to QU30 that points to
> http://www.apache.org/security/ as the default, does that work for
> you?
>
> Sling for example has
> http://sling.apache.org/project-information/security.html which is a
> bit more Sling-specific and also points to
> http://www.apache.org/security/
>
> -Bertrand
>
LC20 needs a lot more expansion. There are so many open source licenses.
Depending on the complexity of the given ASF project, it's a challenge
to evaluate LC20.
--
-------------------------------------------------------------------------
MzK
"There's a bit of magic in everything,
and some loss to even things out."
-- Lou Reed
