Hi, Moving the threat model discussion to a new mail thread.
On September 18, 2017 at 7:15:34 AM, Davide Giannella (dav...@apache.org) wrote: On 18/09/2017 12:40, Ian Boston wrote: > can be evaluated > as part of the release process, ideally before the next stable release. I mostly do releases here, let me drop a consideration. Our release process is already long. Let's not add too much stuff even more, specially if we have to do it at every release. Otherwise I don't think we'll be able to cope with the bi-weekly release. So let's be considerate about what adding to the release process. A word of caution ;) Cheers Davide