community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kay Schenk <kay.sch...@gmail.com>
Subject Re: A maturity model for Apache projects
Date Thu, 15 Jan 2015 22:29:06 GMT
On 01/15/2015 02:47 AM, Bertrand Delacretaz wrote:
> On Wed, Jan 14, 2015 at 8:29 PM, Phil Steitz <phil.steitz@gmail.com> wrote:
>> ...QO30 - do we really want individual projects to have / advertise
>> their own ways to take security reports?...
> 
> We do not want that, agreed, but as I want the model to be usable by
> non-Apache projects as well I'm trying to focus on the core principles
> in the model, and leave the Apache specifics to footnotes.
> 
> I have added a footnote to QU30 that points to
> http://www.apache.org/security/ as the default, does that work for
> you?
> 
> Sling for example has
> http://sling.apache.org/project-information/security.html which is a
> bit more Sling-specific and also points to
> http://www.apache.org/security/
> 
> -Bertrand
> 

LC20 needs a lot more expansion. There are so many open source licenses.
Depending on the complexity of the given ASF project, it's a challenge
to evaluate LC20.

-- 
-------------------------------------------------------------------------
MzK

"There's a bit of magic in everything,
  and some loss to even things out."
                    -- Lou Reed

Mime
View raw message