Just doing a check-in as to where we stand. Nazeer has been addressing some of the outstanding points and has recently posted some additional release management documentation which can be viewed at https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=67640333
I have pushed the changes to the Apache Fineract website github repo and these have been merged the but the website is not reflecting the edits I made. Nazeer has requested feedback on the Findbugs Implementation he has ready go go. 2 active threads are being discussed related to security and backwards compatibility. We are also evaluating a couple additional committers and will soon be ready to call for graduation if our mentors too fee we are ready. Ed On Fri, Jan 27, 2017 at 10:14 AM, Jim Jagielski <j...@jagunet.com> wrote: > Makes sense. > > On Jan 25, 2017, at 10:52 PM, Shaik Nazeer <nazeer.shaik@ > confluxtechnologies.com> wrote: > > > > Instead of modifying Fineract website on every Fineract releases, can we > link required details to Fineract wiki pages? > > For example latest release details can be found at > https://cwiki.apache.org/confluence/display/FINERACT/Release+Folders > > > > Thanks, > > Nazeer > > -----Original Message----- > > From: Markus Geiß [mailto:mge...@mifos.org] > > Sent: 26 January 2017 01:55 > > To: Ed Cable > > Cc: dev (dev@fineract.incubator.apache.org) > > Subject: Re: Please help evaluation Fineract's readiness for graduation > > > > Hey Ed, > > > > the Apache Fineract website is a github repo you'll find at Apache's > github mirror. > > > > Simply fork it, create a new branch, do the needed changes and send a PR. > > > > Best wishes, > > > > Markus Geiss > > Chief Architect > > RɅĐɅЯ, The Mifos Initiative > > > > On Jan 24, 2017 15:58, "Ed Cable" <edca...@mifos.org> wrote: > > > >> Markus, > >> > >> Nazeer is continuing to work on addressing the areas of concern > >> related to QU10, QU40, and RE50. > >> > >> Could you provide me access to the Apache Fineract website to address > >> CO10 and then for CS10 do we want that on the Apache Fineract website > >> or the wiki? > >> > >> Thanks, > >> > >> Ed > >> > >> On Tue, Jan 10, 2017 at 5:48 AM, Jim Jagielski <j...@jagunet.com> wrote: > >> > >>> Agreed. > >>> > >>>> On Jan 6, 2017, at 8:41 PM, Roman Shaposhnik <ro...@shaposhnik.org> > >>> wrote: > >>>> > >>>> On Fri, Jan 6, 2017 at 4:24 PM, Ed Cable <edca...@mifos.org> wrote: > >>>>> Could our Apache Fineract mentors please provide some guidance on > >>>>> a > >>> couple > >>>>> of the areas we need to improve upon: > >>>>> > >>>>> QU10 "*The project is open and honest about the quality of its code. > >>>>> Various levels of quality and maturity for various modules are > >>>>> natural > >>> and > >>>>> acceptable as long as they are clearly communicated." -* > >>>>> > >>>>> Do you have any other projects you could point to that have strong > >>>>> transparent measures of quality and maturity clearly available We > >>>>> want > >>> to > >>>>> follow best practices and adopt similar to display at > >>>>> http://fineract.incubator.apache.org > >>>> > >>>> Regular deployment of tools like Findbugs is a good indication that > >>>> you > >>> take > >>>> this requirement seriously. > >>>> > >>>>> *QU30: The project provides a well-documented channel to report > >>> security > >>>>> issues, along with a documented way of responding to them.* > >>>>> > >>>>> Currently we just link to: http://www.apache.org/security/ Are we > >>> able to > >>>>> do as other projects at > >>>>> http://www.apache.org/security/projects.html > >>> or is > >>>>> a private channel not something we can set up till we're out of > >>>>> incubation. If we can move forwarde, I'd suggest we have a > >>>>> security > >>> page > >>>>> on our site, document and fix known vulnerabilities and then > >>>>> provide > >>> clear > >>>>> instruction on reporting vulnerabilities to a private channel like > >>>>> secur...@fineract.incubator..apache.org > >>>> > >>>> This is less about security@fineract vs. > >>> http://www.apache.org/security/ > >>>> and more about the community being ready for when the first 0 day > >>>> hits either of those. Being ready is a combination of tribal > >>>> knowledge, wiki recommendations and a release policy that would > >>>> allow you to patch at a drop of a hat. > >>>> > >>>> Thanks, > >>>> Roman. > >>> > >>> > >> > >> > >> -- > >> *Ed Cable* > >> Director of Community Programs, Mifos Initiative edca...@mifos.org | > >> Skype: edcable | Mobile: +1.484.477.8649 <(484)%20477-8649> > >> > >> *Collectively Creating a World of 3 Billion Maries | *http://mifos.org > >> <http://facebook.com/mifos> <http://www.twitter.com/mifos> > >> > >> > > > > -- *Ed Cable* Director of Community Programs, Mifos Initiative edca...@mifos.org | Skype: edcable | Mobile: +1.484.477.8649 *Collectively Creating a World of 3 Billion Maries | *http://mifos.org <http://facebook.com/mifos> <http://www.twitter.com/mifos>
