to my opinion they just want to contribute to Wicket. I would simply explain 
how the process of contribution works at ASF (PRs, etc.) and give them some 
information what challenges we were faced with till now.

kind regards


> Am 05.06.2020 um 02:18 schrieb Andrew Kondratev <and...@kondratev.pro>:
> Hi colleagues! I just received this email. Not sure what this all means.
> ---------- Forwarded message ---------
> От: Santiago Díaz <sald...@google.com>
> Date: чт, 4 июн. 2020 г. в 21:47
> Subject: Contribution - CSP support for Wicket
> To: <andru...@gmail.com>
> Hello Andrew,
> My name is Santiago, I'm a Security Engineer at Google. I am currently
> making preparations to receive a small group of interns for this summer's
> Google internships and found your email during the course of my research.
> *Context*
> Here at Google we have a lot of experience deploying security mechanisms
> (like Content Security Policy, Trusted Types, Fetch Metadata, Cross-Origin
> Opener Policy and others) at scale. We understand the pains of designing
> strong security policies, finding blockers for their deployment and
> locating pieces of code that need refactoring.
> *Why are you receiving this email?*
> For this year's internships (and considering the current global situation)
> we would like to contribute to selected open source projects, bringing some
> of our experience to *encourage adoption of some of these security
> enhancements*. Wicket is one of the projects we have shortlisted and we'd
> be happy to collaborate with you!
> I found out that there is an ongoing discussion over at
> https://issues.apache.org/jira/browse/WICKET-5406 to improve CSP support in
> Wicket and that *you have been running some experiments on what that would
> look like*.
> Having said that, it would be great if we could boost your work instead of
> reinventing the wheel. As such, I would like to know if you'd be open to
> our contributions and if so, whether you'd be willing to give me some
> context on what has been done, what issues you've come across and whether
> you have any thoughts on what would be the best way for us to contribute.
> Thank you for reading and I'm looking forward to hearing from you! :)
> S.

Reply via email to