fineract-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ed Cable <edca...@mifos.org>
Subject Re: Please help evaluation Fineract's readiness for graduation
Date Tue, 24 Jan 2017 14:58:28 GMT
Markus,

Nazeer is continuing to work on addressing the areas of concern related to
QU10, QU40, and RE50.

Could you provide me access to the Apache Fineract website to address CO10
and then for CS10 do we want that on the Apache Fineract website or the
wiki?

Thanks,

Ed

On Tue, Jan 10, 2017 at 5:48 AM, Jim Jagielski <jim@jagunet.com> wrote:

> Agreed.
>
> > On Jan 6, 2017, at 8:41 PM, Roman Shaposhnik <roman@shaposhnik.org>
> wrote:
> >
> > On Fri, Jan 6, 2017 at 4:24 PM, Ed Cable <edcable@mifos.org> wrote:
> >> Could our Apache Fineract mentors please provide some guidance on a
> couple
> >> of the areas we need to improve upon:
> >>
> >> QU10 "*The project is open and honest about the quality of its code.
> >> Various levels of quality and maturity for various modules are natural
> and
> >> acceptable as long as they are clearly communicated." -*
> >>
> >> Do you have any other projects you could point to that have strong
> >> transparent measures of quality and maturity clearly available We want
> to
> >> follow best practices and adopt similar to display at
> >> http://fineract.incubator.apache.org
> >
> > Regular deployment of tools like Findbugs is a good indication that you
> take
> > this requirement seriously.
> >
> >> *QU30: The project provides a well-documented channel to report security
> >> issues, along with a documented way of responding to them.*
> >>
> >> Currently we just link to: http://www.apache.org/security/ Are we able
> to
> >> do as other projects at http://www.apache.org/security/projects.html
> or is
> >> a private channel not something we can set up till we're out of
> >> incubation.  If we can move forwarde, I'd suggest we have a security
> page
> >> on our site, document and fix known vulnerabilities and then provide
> clear
> >> instruction on reporting vulnerabilities to a private channel like
> >> security@fineract.incubator..apache.org
> >
> > This is less about security@fineract vs.  http://www.apache.org/
> security/
> > and more about the community being ready for when the first 0 day
> > hits either of those. Being ready is a combination of tribal knowledge,
> > wiki recommendations and a release policy that would allow you to patch
> > at a drop of a hat.
> >
> > Thanks,
> > Roman.
>
>


-- 
*Ed Cable*
Director of Community Programs, Mifos Initiative
edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message