From: Roman Shaposhnik
Date: Fri, 6 Jan 2017 17:41:38 -0800
Subject: Re: Please help evaluation Fineract's readiness for graduation
To: dev@fineract.incubator.apache.org

On Fri, Jan 6, 2017 at 4:24 PM, Ed Cable wrote:
> Could our Apache Fineract mentors please provide some guidance on a couple
> of the areas we need to improve upon:
>
> QU10 "*The project is open and honest about the quality of its code.
> Various levels of quality and maturity for various modules are natural and
> acceptable as long as they are clearly communicated." -*
>
> Do you have any other projects you could point to that have strong
> transparent measures of quality and maturity clearly available? We want to
> follow best practices and adopt similar to display at
> http://fineract.incubator.apache.org

Regular deployment of tools like Findbugs is a good indication
that you take this requirement seriously.

> *QU30: The project provides a well-documented channel to report security
> issues, along with a documented way of responding to them.*
>
> Currently we just link to: http://www.apache.org/security/ Are we able to
> do as other projects at http://www.apache.org/security/projects.html or is
> a private channel not something we can set up till we're out of
> incubation. If we can move forward, I'd suggest we have a security page
> on our site, document and fix known vulnerabilities and then provide clear
> instruction on reporting vulnerabilities to a private channel like
> security@fineract.incubator..apache.org

This is less about security@fineract vs. http://www.apache.org/security/
and more about the community being ready for when the first 0 day hits
either of those. Being ready is a combination of tribal knowledge, wiki
recommendations and a release policy that would allow you to patch
at a drop of a hat.

Thanks,
Roman.