lucene-dev mailing list archives

From Brian Chess <>
Subject access policy for Java Open Review Project
Date Tue, 19 Dec 2006 05:16:06 GMT

Hi all, I've been busy creating JOR accounts this weekend, and it was cool
to see so many names from Lucene.  Lucene, Solr, and Nutch have the lowest
defect rates among the projects we've looked at, and I'm beginning to see

One of the things JOR is doing is inviting people to come and help review
issues we find with static analysis.  We've had a fair number of signups
since the project was on Slashdot.

My question is, would you like to allow outsiders to go through results and
help sort the real bugs from the chaff?  The upside is that volunteers may
perform useful work and that it may be another avenue to get people involved
with the code.  The downside is that things like XSS in admin pages may
lead them to make more ruckus than is really appropriate.

The situation may change if we can establish a mechanism for efficiently
moving issues into Jira, but for now, I could imagine a number of different
policies, including:
  - Allow anyone access who asks for it.
  - Allow access on a case-by-case basis.
  - Don't allow access to outsiders.

Here are the "outsiders" who've requested access so far, along with a few
words to summarize what they've told me about themselves.

Varun Nair <>: budding code auditor at TCS
Martin Englund <>: Experienced auditor at Sun. Looks like he's just testing the waters

Lucene, Nutch, Solr
Thierry De Leeuw <>: experienced vulnerability hunter
Michael Bunzel <>: experienced auditor, but new to auditing Java

