geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [CONF] Apache Geronimo Project Management > Geronimo Project Policies
Date Sat, 14 Aug 2010 21:26:00 GMT
    <base href="">
            <link rel="stylesheet" href="/confluence/s/1810/9/1/_/styles/combined.css?spaceKey=GMOxPMGT&amp;forWysiwyg=true"
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="">Geronimo
Project Policies</a></h2>
    <h4>Page <b>edited</b> by             <a href="">Kevan
                         <h4>Changes (4)</h4>
<div id="page-diffs">
            <table class="diff" cellpadding="0" cellspacing="0">
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >h2. Access to <span class="diff-added-words"style="background-color:
#dfd;">Geronimo</span> TCK <span class="diff-added-words"style="background-color:
#dfd;">Test Harness</span> <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >Apache committers can request
access to <span class="diff-added-words"style="background-color: #dfd;">the</span>
TCK following this process: <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">#
Requester should send a note to requesting access to the JCP TCKs  <br></td></tr>
            <tr><td class="diff-changed-lines" ># Requester <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">sends</span>
<span class="diff-added-words"style="background-color: #dfd;">should also send</span>
a note to the PMC list requesting access <span class="diff-added-words"style="background-color:
#dfd;">to the Geronimo Test Harness</span> with a quick summary of their goals. <br></td></tr>
            <tr><td class="diff-unchanged" ># PMC member acknowledges receipt
of the request back to the user. <br># PMC member confirms that requester has submitted
an NDA: <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
</div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h1><a name="GeronimoProjectPolicies-ApacheGeronimoProjectPolicies"></a>Apache
Geronimo Project Policies</h1>

<p>Although not easy, here we try to convey some policies of how the Apache Geronimo
project tackles different processes and every day decision making situations. This is clearly
not an extensive list but we are working to make it more complete every day.</p>

<h2><a name="GeronimoProjectPolicies-ContributingtoGeronimoDocs"></a>Contributing
to Geronimo Docs</h2>

<p>Before you can be given write access to the documentation wiki spaces (like GMOxDOC21,
GMOxDOC22, GMOxSAMPLES), but not areas restricted to committers (like GMOxPMGT and GMOxSITE),
you will need to submit an <a href="" class="external-link"
rel="nofollow">ICLA</a> to the ASF and show up on the following page of received
<a href="" class="external-link" rel="nofollow">CLAs</a>.</p>

<h2><a name="GeronimoProjectPolicies-SecurityVulnerabilities"></a>Security

<p>The process for submitting known problems is on the Geronimo website under <a
href="" class="external-link" rel="nofollow">Security

<p>The suggested process for handling submitted vulnerabilities:</p>
	<li>Team ACKs security report.</li>
	<li>Team investigates report and either rejects it or accepts it.</li>
	<li>If rejected, write to submitter and explain why.</li>
	<li>If accepted, write to submitter and let them know it is accepted and we are working
on a fix.</li>
	<li>Request a CVE number from security@a.o</li>
	<li>Agree on a fix on our private@ list.</li>
	<li>Provide the submitter with a copy of the fix and a draft vulnerability announcement
for comment.</li>
	<li>Reach an agreement for the fix, announcement and release schedule with the submitter.</li>
	<li>Create a JIRA and commit the fix in all actively maintained releases.</li>
	<li>Announce the vulnerability (users, dev, security@a.o, bugtraq at,
full-disclosure at and project security pages)</li>
	<li>Update the JIRA and svn log to include the CVE number.</li>
	<li>Roll a release for each actively maintained branch (unreleased trunk can wait.)</li>

<h2><a name="GeronimoProjectPolicies-AccesstoGeronimoTCKTestHarness"></a>Access
to Geronimo TCK Test Harness</h2>

<p>Apache committers can request access to the TCK following this process:</p>

	<li>Requester should send a note to requesting access to the JCP
	<li>Requester should also send a note to the PMC list requesting access to the Geronimo
Test Harness with a quick summary of their goals.</li>
	<li>PMC member acknowledges receipt of the request back to the user.</li>
	<li>PMC member confirms that requester has submitted an NDA:
	<ul class="alternate" type="square">
		<li>ASF members can confirm by inspecting the contents of <a href=""
class="external-link" rel="nofollow"></a>
		<li>Non-member can send a note to the appropriate keeper of NDAs on jcp-open and the
Geronimo PMC with a subject of:
<br class="atl-forced-newline" />
<br class="atl-forced-newline" />
&#42;&#42;<tt><b>[TCK] Request for TCK access for Apache Geronimo TCK
materials.   Please verify NDA is on file.</b></tt>
<br class="atl-forced-newline" />
<br class="atl-forced-newline" />
and includes relevant information about the committer and their request.
<br class="atl-forced-newline" />
<br class="atl-forced-newline" /></li>
		<li>Waiting period:
		<ul class="alternate" type="square">
			<li>Geronimo committers will be granted <b>r/w access</b> to svn, TCK
wiki and accounts on selene, phoebe and tck01-tck08 upon confirmation of the NDA being on
			<li>Other Apache committers will be granted <b>read-only access</b> to
svn and TCK wiki (but no access to selene, phoebe, tck01-08) upon confirmation of the NDA
being on file.</li>

<p>The chair or authorized member will update the SVN authorization file, provide access
to other resources as appropriate and notify the user of the URL and current relevant information.
 Geronimo committers are given r/w access and others are given read-only and they can start
earning karma.</p>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href=""
class="grey">Change Notification Preferences</a>
        <a href="">View
        <a href="">View
        <a href=";showCommentArea=true#addcomment">Add

View raw message