I just updated the home page to include the "security" link as well as other "apache links" using the model from Spark that James recommended - Thanks James.
Mr. Gruno, aside from David's concern which is still pending from last week, I think we've addressed all the issues and even added another "non-coding" committer (Ketrina) in the process. Can you please tell us what the next step will be? On Fri, Mar 11, 2016 at 7:45 AM, David Robinson <drobin1...@gmail.com> wrote: > Hi Daniel, > > I wanted to register a specific concern relative to the OK rating of the > IN10 checklist item. > > I will follow up with some more specifics, but didn't want this > conversation to pass by > with out registering a concern at this point. > > Thank you, > > On Thu, Mar 10, 2016 at 7:57 PM, James Thornton <ja...@jamesthornton.com> > wrote: > > > I just checked a few related/similar ASF projects to see how they have > > implemented their security channel. > > > > For example, under the Apache Software Foundation menu on the Spark > navbar, > > there is a link to the ASF security page... > > > > - http://spark.apache.org/ > > - http://www.apache.org/security/ > > > > - James > > > > On Tue, Mar 8, 2016 at 6:11 PM, Stephen Mallette <spmalle...@gmail.com> > > wrote: > > > > > I just added a the source download link to the homepage and included a > > link > > > to the TinkerPop dev docs on how to build. It was there already in a > > way, > > > but the change i put in there makes it more obvious. I think we can > check > > > those two items off the list. > > > > > > I assume everyone is ok with using secur...@apache.org? any thoughts > on > > > where we should include this information? is it something that has to > be > > on > > > the home page? can it just be in our reference documentation? > > > > > > finally we do have at least one non-coding committer. so i guess that > > once > > > we settle on the security thing, we largely cover the maturity model > > pretty > > > well. > > > > > > On Tue, Mar 8, 2016 at 6:40 AM, Daniel Gruno <humbed...@apache.org> > > wrote: > > > > > > > On 03/08/2016 12:37 PM, Stephen Mallette wrote: > > > > > Nice Daniel - thanks for doing that.... > > > > > > > > > > As for CD30 note that we do have: > > > > > > > > > > > > > > > > > > > > http://tinkerpop.apache.org/docs/3.1.1-incubating/dev/developer/#_getting_started > > > > > > > > Then get it on the front page somehow - it's not enough that we have > > the > > > > document, it must also be accessible. > > > > > > > > > > > > > > What's expected of QU30? I'm not sure I get that one... > > > > > > > > If someone finds a vulnerability in TinkerPop, they need a place to > > send > > > > their concerns. You can elect to have a security ML, or you can > default > > > > to the secur...@apache.org list. Either way, visitors to the page > > should > > > > be able to find this information. > > > > > > > > With regards, > > > > Daniel. > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Mar 8, 2016 at 6:12 AM, Daniel Gruno <rum...@cord.dk> > wrote: > > > > > > > > > >> Hi folks, > > > > >> As part of our considerations about graduating TinkerPop, I have > > gone > > > > >> through the ASF Maturity Model developed by Bertrand Delacretaz > and > > > > >> looked at areas where we need to improve. > > > > >> > > > > >> The preliminary assessment can be found at: > > > > >> > > https://github.com/Humbedooh/maturity_docs/blob/master/tinkerpop.adoc > > > > >> > > > > >> Please review the issues that are not yet okay and let's come up > > with > > > > >> ways to solve them :) > > > > >> > > > > >> With regards, > > > > >> Daniel. > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > -- > > James Thornton, *http://electricspeed.com <http://electricspeed.com>* > > >
