eagle-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Wu <mchl....@gmail.com>
Subject Re: [DISCUSS] Is Eagle ready to graduate?
Date Thu, 01 Sep 2016 05:17:23 GMT
Security page at http://eagle.incubator.apache.org/sup/index.html is
updated with new content, please review if it conforms to what we expected.

On Thu, Aug 25, 2016 at 10:28 AM, Michael Wu <mchl.wu5@gmail.com> wrote:

> Hi mentors,
>
> I will update security page content taking the mentioned aspects.
>
> Except for the security part, is there any other gaps that you feel eagle
> has to fill before graduation? Please feel free to point issues out and we
> will do our best to get aligned to what graduation requires. Thanks.
>
> Michael
>
> On Wed, Aug 24, 2016 at 9:53 AM, Julian Hyde <jhyde@apache.org> wrote:
>
>> I did a quick survey, and it seems that most projects do not have a
>> security team[1], which means that vulnerabilities should be reported to
>> security@apache.org. Of the projects that do, Kafka seems a good model
>> to follow; its security page is simple and clear[2].
>>
>> Julian
>>
>> [1] http://www.apache.org/security/projects.html <
>> http://www.apache.org/security/projects.html>
>>
>> [2] http://kafka.apache.org/project-security.html <
>> http://kafka.apache.org/project-security.html>
>>
>>
>> > On Aug 23, 2016, at 6:29 PM, P. Taylor Goetz <ptgoetz@gmail.com> wrote:
>> >
>> >
>> > The maturity model assessment looks good to me, though I haven't delved
>> deep into it.
>> >
>> > Regarding security issues, since Eagle is a security-related product I
>> would expect there to be a well-defined process/protocol that ensured
>> vulnerability reports were kept private until patched, CVE process, etc.
>> Eagle hasn't had any major security issues during incubation, but should be
>> prepared for them after graduation.
>> >
>> > Here [1] [2] are two great resources for understanding what is expected
>> from an ASF standpoint.
>> >
>> > -Taylor
>> >
>> > [1] http://www.apache.org/security/
>> > [2] http://www.apache.org/security/committers.html
>> >
>> >> On Aug 23, 2016, at 6:52 PM, Julian Hyde <jhyde@apache.org> wrote:
>> >>
>> >> I reviewed https://cwiki.apache.org/confl
>> uence/display/EAG/Eagle+Podling+Maturity+Assessment <
>> https://cwiki.apache.org/confluence/display/EAG/Eagle+Podli
>> ng+Maturity+Assessment> and it looks good.
>> >>
>> >> Only one issue. Regarding QU30: The dev list and JIRA (listed in
>> http://eagle.incubator.apache.org/sup/index.html <
>> http://eagle.incubator.apache.org/sup/index.html>) do not seem
>> appropriate places to report security issues, because they are public. Is a
>> private channel needed?
>> >>
>> >> Can some other mentors please review?
>> >>
>> >> I think the consensus is emerging that Eagle is ready to graduate. The
>> community should start taking steps to graduate, including agreeing bylaws
>> (or deciding that bylaws are not necessary), choosing an initial PMC chair,
>> crafting the resolution for the Board, and starting a vote thread.
>> >>
>> >> Julian
>> >>
>> >>
>> >>
>> >>> On Jul 31, 2016, at 9:05 PM, Edward Zhang <yonzhang2012@apache.org>
>> wrote:
>> >>>
>> >>> I have commented some assessment points and we can remove that once
>> after
>> >>> they are reviewed.
>> >>>
>> >>> Thanks
>> >>> Edward
>> >>>
>> >>>> On Sun, Jul 31, 2016 at 7:09 PM, Hao Chen <hao@apache.org>
wrote:
>> >>>>
>> >>>> Thanks Michael for preparing the "Eagle Podling Maturity Assessment".
>> >>>>
>> >>>> Eagle community,
>> >>>>
>> >>>> could you (in particular Mentors & PPMC) please help review
and
>> comment?
>> >>>>
>> >>>> - Hao
>> >>>>
>> >>>>> On Fri, Jul 29, 2016 at 4:36 PM, Michael Wu <mchl.wu5@gmail.com>
>> wrote:
>> >>>>>
>> >>>>> Hi guys,
>> >>>>>
>> >>>>> Following the model Julian cited, we created a wiki page for
>> >>>>> self-assessment at:
>> >>>>>
>> >>>>>
>> >>>> https://cwiki.apache.org/confluence/display/EAG/Eagle+Podlin
>> g+Maturity+Assessment
>> >>>>> .
>> >>>>> Please take a look at it and make your valuable judgement and
>> >>>> instructions.
>> >>>>>
>> >>>>> Overall, according to the aspects that the model values and
>> inspects, and
>> >>>>> traverse the results listed in the wiki page, personally, I
think
>> Eagle
>> >>>> is
>> >>>>> approaching the point of graduation, and is facing the right
way
>> towards
>> >>>>> it. (please correct me if i'm wrong, thanks)
>> >>>>>
>> >>>>> In this assessment wiki page, status "OK" stands for the all
>> resolved
>> >>>>> items, status "ON GOING" stands for 2 items that we're striving
to
>> work
>> >>>> on
>> >>>>> and will update. Additionally, there is 1 item marked as "NOT
APPLY"
>> >>>>> because the "convenient binaries" model seems not fitting for
eagle,
>> >>>> could
>> >>>>> you please verify if it's true and rule RE40
>> >>>>> <
>> >>>>>
>> >>>> https://cwiki.apache.org/confluence/display/EAG/Eagle+Podlin
>> g+Maturity+Assessment#EaglePodlingMaturityAssessment-RE40
>> >>>>>>
>> >>>>> could be skipped?
>> >>>>>
>> >>>>> Any comment and instruction will be appreciated, as all we made
or
>> will
>> >>>>> make is to keep the project running in the right way. :)
>> >>>>>
>> >>>>> Michael
>> >>>>>
>> >>>>>> On Fri, Jul 29, 2016 at 12:28 PM, Hao Chen <hao@apache.org>
wrote:
>> >>>>>>
>> >>>>>> Thanks very much for bringing up graduation discussion for
Eagle.
>> >>>>>>
>> >>>>>> Eagle community has almost fully understand how to run an
open
>> source
>> >>>>>> project in apache way.  Apache Eagle (incubating) is now
open to be
>> >>>>>> contributed and adopted by lots of different organizations
>> including
>> >>>> but
>> >>>>>> not limited to eBay, Paypal, Dataguides, Yihaodian, etc.
The
>> community
>> >>>>> has
>> >>>>>> continuously been building and expanding itself by sharing
and
>> talking
>> >>>>>> eagle with the word industry in international conferences
like
>> Hadoop
>> >>>>>> Summit, Hadoop Stratus, QCon in San Jose, London, Dublin,
Shanghai,
>> >>>>>> Beijing, etc. and also lots of meetups. And the community
has
>> >>>>> successfully
>> >>>>>> release v0.3.0, v0.4.0 and is actively preparing v0.5.0
following
>> >>>> apache
>> >>>>>> releasing process.
>> >>>>>>
>> >>>>>> To make it clear how close is eagle ready to graduate, right
now
>> the
>> >>>>>> community is working on preparing an "Eagle Podling Maturity
>> >>>> Assessment"
>> >>>>> to
>> >>>>>> measure how mature eagle is and what tasks may remain before
>> >>>> graduation,
>> >>>>>> will be sent out very soon.
>> >>>>>>
>> >>>>>> - Hao
>> >>>>>>
>> >>>>>> On Fri, Jul 29, 2016 at 11:25 AM, P. Taylor Goetz <
>> ptgoetz@gmail.com>
>> >>>>>> wrote:
>> >>>>>>
>> >>>>>>> Graduation is mostly about whether a podling is healthy
in terms
>> of
>> >>>>>>> growing the community and making releases. I don't think
technical
>> >>>>> issues
>> >>>>>>> are relevant here.
>> >>>>>>>
>> >>>>>>> -Taylor
>> >>>>>>>
>> >>>>>>>> On Jul 28, 2016, at 8:12 PM, Tang Jijun(上海_技术部_架构部_大数据平台_唐觊隽)
<
>> >>>>>>> tangjijun@yhd.com> wrote:
>> >>>>>>>>
>> >>>>>>>> I don't think eagle is ready to graduate.
>> >>>>>>>> Because
>> >>>>>>>> 1 Code is not stable.
>> >>>>>>>> 2 Project need more unit test.
>> >>>>>>>>
>> >>>>>>>> Best Wishes
>> >>>>>>>>
>> >>>>>>>> 唐觊隽
>> >>>>>>>> Jr. Engineer , Architecture - Fundation, Tech Dept
>> >>>>>>>> Floor 4, 295 ZUCHONGZHI RD, Zhangjiang, Shanghai
(201203)
>> >>>>>>>>
>> >>>>>>>> -----邮件原件-----
>> >>>>>>>> 发件人: Edward Zhang [mailto:yonzhang2012@apache.org]
>> >>>>>>>> 发送时间: 2016年7月29日 5:19
>> >>>>>>>> 收件人: dev@eagle.incubator.apache.org
>> >>>>>>>> 主题: Re: [DISCUSS] Is Eagle ready to graduate?
>> >>>>>>>>
>> >>>>>>>> Yes, we should discuss that on the list, and will
go through
>> >>>> maturity
>> >>>>>>> model first soon.
>> >>>>>>>>
>> >>>>>>>> Thanks
>> >>>>>>>> Edward
>> >>>>>>>>
>> >>>>>>>>> On Thu, Jul 28, 2016 at 2:15 PM, Julian Hyde
<jhyde@apache.org>
>> >>>>>> wrote:
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>> … also want to discuss this with other
contributors.
>> >>>>>>>>>
>> >>>>>>>>> Why not discuss with them on this list?
>> >>>>>>>>>
>> >>>>>>>>> Julian
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>
>> >>>>
>> >>
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message