I just checked a few related/similar ASF projects to see how they have implemented their security channel.
For example, under the Apache Software Foundation menu on the Spark navbar, there is a link to the ASF security page... - http://spark.apache.org/ - http://www.apache.org/security/ - James On Tue, Mar 8, 2016 at 6:11 PM, Stephen Mallette <spmalle...@gmail.com> wrote: > I just added a the source download link to the homepage and included a link > to the TinkerPop dev docs on how to build. It was there already in a way, > but the change i put in there makes it more obvious. I think we can check > those two items off the list. > > I assume everyone is ok with using secur...@apache.org? any thoughts on > where we should include this information? is it something that has to be on > the home page? can it just be in our reference documentation? > > finally we do have at least one non-coding committer. so i guess that once > we settle on the security thing, we largely cover the maturity model pretty > well. > > On Tue, Mar 8, 2016 at 6:40 AM, Daniel Gruno <humbed...@apache.org> wrote: > > > On 03/08/2016 12:37 PM, Stephen Mallette wrote: > > > Nice Daniel - thanks for doing that.... > > > > > > As for CD30 note that we do have: > > > > > > > > > http://tinkerpop.apache.org/docs/3.1.1-incubating/dev/developer/#_getting_started > > > > Then get it on the front page somehow - it's not enough that we have the > > document, it must also be accessible. > > > > > > > > What's expected of QU30? I'm not sure I get that one... > > > > If someone finds a vulnerability in TinkerPop, they need a place to send > > their concerns. You can elect to have a security ML, or you can default > > to the secur...@apache.org list. Either way, visitors to the page should > > be able to find this information. > > > > With regards, > > Daniel. > > > > > > > > > > > > > > On Tue, Mar 8, 2016 at 6:12 AM, Daniel Gruno <rum...@cord.dk> wrote: > > > > > >> Hi folks, > > >> As part of our considerations about graduating TinkerPop, I have gone > > >> through the ASF Maturity Model developed by Bertrand Delacretaz and > > >> looked at areas where we need to improve. > > >> > > >> The preliminary assessment can be found at: > > >> https://github.com/Humbedooh/maturity_docs/blob/master/tinkerpop.adoc > > >> > > >> Please review the issues that are not yet okay and let's come up with > > >> ways to solve them :) > > >> > > >> With regards, > > >> Daniel. > > >> > > > > > > > > -- James Thornton, *http://electricspeed.com <http://electricspeed.com>*
