Hi all, I’d like to start a discussion and request *PMC and community review* of *fineract-backoffice-ui* and the proposed security threat model included in its review PR.
The main *FINERACT* repository already has an implemented threat model. In parallel, we now also have separate repositories under the Apache Fineract project that are under active development and are not yet release-ready. I think this is a good opportunity to review how we approach security, contributions, and PMC/community review for those repositories, while also providing a clearer distinction between the main FINERACT codebase and separate project repositories. One repository I’d specifically like to introduce is *fineract-backoffice-ui*: https://github.com/apache/fineract-backoffice-ui For context, *fineract-backoffice-ui* is a work-in-progress Angular-based frontend for the core Fineract APIs, intended to provide a modern back-office interface for Apache Fineract. It follows an API-first approach and is being developed as a separate repository rather than inside the main FINERACT codebase. As part of the current review for *fineract-backoffice-ui*, I have opened the following PR: https://github.com/apache/fineract-backoffice-ui/pull/99 The PR includes a sample security threat model for *fineract-backoffice-ui*. I’m looking for PMC and community feedback on the PR itself, on the proposed threat model, and on how we can improve the overall review approach for repositories like this. In particular, I’d appreciate feedback on: - the current review PR for *fineract-backoffice-ui*, - the proposed security threat model included in that PR and how it can be improved, - and how we should approach contributions and review expectations for repositories that are separate from the main FINERACT codebase. My goal is both to move forward the review of *fineract-backoffice-ui* and to get clearer guidance on how separate repositories under Apache Fineract should be introduced, reviewed, and maintained going forward. Looking forward to your feedback. Best regards, Aman Mittal
