Hi colleagues! I just received this email. Not sure what this all means. ---------- Forwarded message --------- От: Santiago Díaz <sald...@google.com> Date: чт, 4 июн. 2020 г. в 21:47 Subject: Contribution - CSP support for Wicket To: <andru...@gmail.com>
Hello Andrew, My name is Santiago, I'm a Security Engineer at Google. I am currently making preparations to receive a small group of interns for this summer's Google internships and found your email during the course of my research. *Context* Here at Google we have a lot of experience deploying security mechanisms (like Content Security Policy, Trusted Types, Fetch Metadata, Cross-Origin Opener Policy and others) at scale. We understand the pains of designing strong security policies, finding blockers for their deployment and locating pieces of code that need refactoring. *Why are you receiving this email?* For this year's internships (and considering the current global situation) we would like to contribute to selected open source projects, bringing some of our experience to *encourage adoption of some of these security enhancements*. Wicket is one of the projects we have shortlisted and we'd be happy to collaborate with you! I found out that there is an ongoing discussion over at https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP support in Wicket and that *you have been running some experiments on what that would look like*. Having said that, it would be great if we could boost your work instead of reinventing the wheel. As such, I would like to know if you'd be open to our contributions and if so, whether you'd be willing to give me some context on what has been done, what issues you've come across and whether you have any thoughts on what would be the best way for us to contribute. Thank you for reading and I'm looking forward to hearing from you! :) S.