potiuk opened a new pull request, #3052:
URL: https://github.com/apache/drill/pull/3052

   **This is a proposal for the Drill PMC to review — please correct, reject, 
or discuss as needed.** Every claim is provenance-tagged (*(documented)* / 
*(inferred)*); the *(inferred)* ones are the team's draft reasoning for you to 
confirm or strike, collected as "Open questions for the maintainers" (§14, 
three waves).
   
   This adds a draft `THREAT_MODEL.md` plus the `AGENTS.md -> SECURITY.md -> 
THREAT_MODEL.md` discoverability wiring for Apache Drill, drafted at the PMC's 
request (Charles Givre, path 3) using the [threat-model-producer 
rubric](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573).
   
   What's needed from the PMC: walk the §14 questions (a one-line confirm / 
correct / strike per question is plenty). We fold your answers in and the 
*(inferred)* tags become *(maintainer)*. Nothing here is a requirement — the 
scan just runs with less noise when the model is filled in.
   
   Context: this is pre-flight for an automated agentic security scan the ASF 
Security team is piloting; discoverability (`AGENTS.md -> SECURITY.md -> the 
model`) is the one hard gate. Questions / pushback welcome.
   
   Generated-by: Claude Opus 4.8 (1M context)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
