fineract-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Geiß <mge...@mifos.org>
Subject Re: Please help evaluation Fineract's readiness for graduation
Date Wed, 25 Jan 2017 20:25:24 GMT
Hey Ed,

the Apache Fineract website is a github repo you'll find at Apache's github
mirror.

Simply fork it, create a new branch, do the needed changes and send a PR.

Best wishes,

Markus Geiss
Chief Architect
RɅĐɅЯ, The Mifos Initiative

On Jan 24, 2017 15:58, "Ed Cable" <edcable@mifos.org> wrote:

> Markus,
>
> Nazeer is continuing to work on addressing the areas of concern related to
> QU10, QU40, and RE50.
>
> Could you provide me access to the Apache Fineract website to address CO10
> and then for CS10 do we want that on the Apache Fineract website or the
> wiki?
>
> Thanks,
>
> Ed
>
> On Tue, Jan 10, 2017 at 5:48 AM, Jim Jagielski <jim@jagunet.com> wrote:
>
>> Agreed.
>>
>> > On Jan 6, 2017, at 8:41 PM, Roman Shaposhnik <roman@shaposhnik.org>
>> wrote:
>> >
>> > On Fri, Jan 6, 2017 at 4:24 PM, Ed Cable <edcable@mifos.org> wrote:
>> >> Could our Apache Fineract mentors please provide some guidance on a
>> couple
>> >> of the areas we need to improve upon:
>> >>
>> >> QU10 "*The project is open and honest about the quality of its code.
>> >> Various levels of quality and maturity for various modules are natural
>> and
>> >> acceptable as long as they are clearly communicated." -*
>> >>
>> >> Do you have any other projects you could point to that have strong
>> >> transparent measures of quality and maturity clearly available We want
>> to
>> >> follow best practices and adopt similar to display at
>> >> http://fineract.incubator.apache.org
>> >
>> > Regular deployment of tools like Findbugs is a good indication that you
>> take
>> > this requirement seriously.
>> >
>> >> *QU30: The project provides a well-documented channel to report
>> security
>> >> issues, along with a documented way of responding to them.*
>> >>
>> >> Currently we just link to: http://www.apache.org/security/ Are we
>> able to
>> >> do as other projects at http://www.apache.org/security/projects.html
>> or is
>> >> a private channel not something we can set up till we're out of
>> >> incubation.  If we can move forwarde, I'd suggest we have a security
>> page
>> >> on our site, document and fix known vulnerabilities and then provide
>> clear
>> >> instruction on reporting vulnerabilities to a private channel like
>> >> security@fineract.incubator..apache.org
>> >
>> > This is less about security@fineract vs.
>> http://www.apache.org/security/
>> > and more about the community being ready for when the first 0 day
>> > hits either of those. Being ready is a combination of tribal knowledge,
>> > wiki recommendations and a release policy that would allow you to patch
>> > at a drop of a hat.
>> >
>> > Thanks,
>> > Roman.
>>
>>
>
>
> --
> *Ed Cable*
> Director of Community Programs, Mifos Initiative
> edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
> <(484)%20477-8649>
>
> *Collectively Creating a World of 3 Billion Maries | *http://mifos.org
> <http://facebook.com/mifos>  <http://www.twitter.com/mifos>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message