Hi all,

I’d like to start a discussion and request *PMC and community review* of
*fineract-backoffice-ui* and the proposed security threat model included in
its review PR.

The main *FINERACT* repository already has an implemented threat model. In
parallel, we now also have separate repositories under the Apache Fineract
project that are under active development and are not yet release-ready. I
think this is a good opportunity to review how we approach security,
contributions, and PMC/community review for those repositories, while also
providing a clearer distinction between the main FINERACT codebase and
separate project repositories.

One repository I’d specifically like to introduce is
*fineract-backoffice-ui*:
https://github.com/apache/fineract-backoffice-ui

For context, *fineract-backoffice-ui* is a work-in-progress Angular-based
frontend for the core Fineract APIs, intended to provide a modern
back-office interface for Apache Fineract. It follows an API-first approach
and is being developed as a separate repository rather than inside the main
FINERACT codebase.

As part of the current review for *fineract-backoffice-ui*, I have opened
the following PR:
https://github.com/apache/fineract-backoffice-ui/pull/99

The PR includes a sample security threat model for *fineract-backoffice-ui*.
I’m looking for PMC and community feedback on the PR itself, on the
proposed threat model, and on how we can improve the overall review
approach for repositories like this.

In particular, I’d appreciate feedback on:

   - the current review PR for *fineract-backoffice-ui*,
   - the proposed security threat model included in that PR and how it can
   be improved,
   - and how we should approach contributions and review expectations for
   repositories that are separate from the main FINERACT codebase.

My goal is both to move forward the review of *fineract-backoffice-ui* and
to get clearer guidance on how separate repositories under Apache Fineract
should be introduced, reviewed, and maintained going forward.

Looking forward to your feedback.

Best regards,

Aman Mittal

Reply via email to