The security page at http://eagle.incubator.apache.org/sup/index.html has been updated with new content; please review whether it conforms to what we expected.
On Thu, Aug 25, 2016 at 10:28 AM, Michael Wu <[email protected]> wrote:
> Hi mentors,
>
> I will update security page content taking the mentioned aspects.
>
> Except for the security part, are there any other gaps that you feel eagle
> has to fill before graduation? Please feel free to point issues out and we
> will do our best to get aligned to what graduation requires. Thanks.
>
> Michael
>
> On Wed, Aug 24, 2016 at 9:53 AM, Julian Hyde <[email protected]> wrote:
>
>> I did a quick survey, and it seems that most projects do not have a
>> security team[1], which means that vulnerabilities should be reported to
>> [email protected]. Of the projects that do, Kafka seems a good model
>> to follow; its security page is simple and clear[2].
>>
>> Julian
>>
>> [1] http://www.apache.org/security/projects.html
>>
>> [2] http://kafka.apache.org/project-security.html
>>
>> > On Aug 23, 2016, at 6:29 PM, P. Taylor Goetz <[email protected]> wrote:
>> >
>> > The maturity model assessment looks good to me, though I haven't delved
>> > deep into it.
>> >
>> > Regarding security issues, since Eagle is a security-related product I
>> > would expect there to be a well-defined process/protocol that ensured
>> > vulnerability reports were kept private until patched, CVE process, etc.
>> > Eagle hasn't had any major security issues during incubation, but should be
>> > prepared for them after graduation.
>> >
>> > Here [1] [2] are two great resources for understanding what is expected
>> > from an ASF standpoint.
>> >
>> > -Taylor
>> >
>> > [1] http://www.apache.org/security/
>> > [2] http://www.apache.org/security/committers.html
>> >
>> >> On Aug 23, 2016, at 6:52 PM, Julian Hyde <[email protected]> wrote:
>> >>
>> >> I reviewed https://cwiki.apache.org/confluence/display/EAG/Eagle+Podling+Maturity+Assessment
>> >> and it looks good.
>> >>
>> >> Only one issue. Regarding QU30: The dev list and JIRA (listed in
>> >> http://eagle.incubator.apache.org/sup/index.html) do not seem
>> >> appropriate places to report security issues, because they are public. Is a
>> >> private channel needed?
>> >>
>> >> Can some other mentors please review?
>> >>
>> >> I think the consensus is emerging that Eagle is ready to graduate. The
>> >> community should start taking steps to graduate, including agreeing bylaws
>> >> (or deciding that bylaws are not necessary), choosing an initial PMC chair,
>> >> crafting the resolution for the Board, and starting a vote thread.
>> >>
>> >> Julian
>> >>
>> >>> On Jul 31, 2016, at 9:05 PM, Edward Zhang <[email protected]> wrote:
>> >>>
>> >>> I have commented some assessment points and we can remove that once after
>> >>> they are reviewed.
>> >>>
>> >>> Thanks
>> >>> Edward
>> >>>
>> >>>> On Sun, Jul 31, 2016 at 7:09 PM, Hao Chen <[email protected]> wrote:
>> >>>>
>> >>>> Thanks Michael for preparing the "Eagle Podling Maturity Assessment".
>> >>>>
>> >>>> Eagle community,
>> >>>>
>> >>>> could you (in particular Mentors & PPMC) please help review and comment?
>> >>>>
>> >>>> - Hao
>> >>>>
>> >>>>> On Fri, Jul 29, 2016 at 4:36 PM, Michael Wu <[email protected]> wrote:
>> >>>>>
>> >>>>> Hi guys,
>> >>>>>
>> >>>>> Following the model Julian cited, we created a wiki page for
>> >>>>> self-assessment at:
>> >>>>>
>> >>>>> https://cwiki.apache.org/confluence/display/EAG/Eagle+Podling+Maturity+Assessment .
>> >>>>> Please take a look at it and make your valuable judgement and instructions.
>> >>>>>
>> >>>>> Overall, according to the aspects that the model values and inspects, and
>> >>>>> traverse the results listed in the wiki page, personally, I think Eagle is
>> >>>>> approaching the point of graduation, and is facing the right way towards
>> >>>>> it. (please correct me if I'm wrong, thanks)
>> >>>>>
>> >>>>> In this assessment wiki page, status "OK" stands for the all resolved
>> >>>>> items, status "ON GOING" stands for 2 items that we're striving to work on
>> >>>>> and will update. Additionally, there is 1 item marked as "NOT APPLY"
>> >>>>> because the "convenient binaries" model seems not fitting for eagle, could
>> >>>>> you please verify if it's true and rule RE40
>> >>>>> <https://cwiki.apache.org/confluence/display/EAG/Eagle+Podling+Maturity+Assessment#EaglePodlingMaturityAssessment-RE40>
>> >>>>> could be skipped?
>> >>>>>
>> >>>>> Any comment and instruction will be appreciated, as all we made or will
>> >>>>> make is to keep the project running in the right way. :)
>> >>>>>
>> >>>>> Michael
>> >>>>>
>> >>>>>> On Fri, Jul 29, 2016 at 12:28 PM, Hao Chen <[email protected]> wrote:
>> >>>>>>
>> >>>>>> Thanks very much for bringing up graduation discussion for Eagle.
>> >>>>>>
>> >>>>>> Eagle community has almost fully understood how to run an open source
>> >>>>>> project in apache way.
>> >>>>>> Apache Eagle (incubating) is now open to be
>> >>>>>> contributed and adopted by lots of different organizations including but
>> >>>>>> not limited to eBay, Paypal, Dataguides, Yihaodian, etc. The community has
>> >>>>>> continuously been building and expanding itself by sharing and talking
>> >>>>>> eagle with the world industry in international conferences like Hadoop
>> >>>>>> Summit, Hadoop Stratus, QCon in San Jose, London, Dublin, Shanghai,
>> >>>>>> Beijing, etc. and also lots of meetups. And the community has successfully
>> >>>>>> released v0.3.0, v0.4.0 and is actively preparing v0.5.0 following apache
>> >>>>>> releasing process.
>> >>>>>>
>> >>>>>> To make it clear how close is eagle ready to graduate, right now the
>> >>>>>> community is working on preparing an "Eagle Podling Maturity Assessment" to
>> >>>>>> measure how mature eagle is and what tasks may remain before graduation,
>> >>>>>> will be sent out very soon.
>> >>>>>>
>> >>>>>> - Hao
>> >>>>>>
>> >>>>>> On Fri, Jul 29, 2016 at 11:25 AM, P. Taylor Goetz <[email protected]>
>> >>>>>> wrote:
>> >>>>>>
>> >>>>>>> Graduation is mostly about whether a podling is healthy in terms of
>> >>>>>>> growing the community and making releases. I don't think technical issues
>> >>>>>>> are relevant here.
>> >>>>>>>
>> >>>>>>> -Taylor
>> >>>>>>>
>> >>>>>>>> On Jul 28, 2016, at 8:12 PM, Tang Jijun (Shanghai_Technology Dept_Architecture Dept_Big Data Platform_唐觊隽) <[email protected]> wrote:
>> >>>>>>>>
>> >>>>>>>> I don't think eagle is ready to graduate.
>> >>>>>>>> Because
>> >>>>>>>> 1 Code is not stable.
>> >>>>>>>> 2 Project needs more unit tests.
>> >>>>>>>>
>> >>>>>>>> Best Wishes
>> >>>>>>>>
>> >>>>>>>> 唐觊隽
>> >>>>>>>> Jr. Engineer, Architecture - Foundation, Tech Dept
>> >>>>>>>> Floor 4, 295 ZUCHONGZHI RD, Zhangjiang, Shanghai (201203)
>> >>>>>>>>
>> >>>>>>>> -----Original Message-----
>> >>>>>>>> From: Edward Zhang [mailto:[email protected]]
>> >>>>>>>> Sent: July 29, 2016 5:19
>> >>>>>>>> To: [email protected]
>> >>>>>>>> Subject: Re: [DISCUSS] Is Eagle ready to graduate?
>> >>>>>>>>
>> >>>>>>>> Yes, we should discuss that on the list, and will go through maturity
>> >>>>>>>> model first soon.
>> >>>>>>>>
>> >>>>>>>> Thanks
>> >>>>>>>> Edward
>> >>>>>>>>
>> >>>>>>>>> On Thu, Jul 28, 2016 at 2:15 PM, Julian Hyde <[email protected]> wrote:
>> >>>>>>>>>
>> >>>>>>>>>> … also want to discuss this with other contributors.
>> >>>>>>>>>
>> >>>>>>>>> Why not discuss with them on this list?
>> >>>>>>>>>
>> >>>>>>>>> Julian
