Apache Geronimo Project Policies

Although it is not easy, this page tries to convey some of the policies the Apache Geronimo project follows for its different processes and everyday decision-making situations. This is clearly not an extensive list, but we are working to make it more complete every day.

Contributing to Geronimo Docs

Before you can be given write access to the documentation wiki spaces (like GMOxDOC21, GMOxDOC22, GMOxSAMPLES), you will need to submit an ICLA to the ASF and show up on the following page of received CLAs. This does not apply to areas restricted to committers (like GMOxPMGT and GMOxSITE).

Security Vulnerabilities

The process for submitting known problems is on the Geronimo website under Security Reports.

The suggested process for handling submitted vulnerabilities:

  1. Team ACKs security report.
  2. Team investigates report and either rejects it or accepts it.
  3. If rejected, write to submitter and explain why.
  4. If accepted, write to submitter and let them know it is accepted and we are working on a fix.
  5. Request a CVE number from security@a.o.
  6. Agree on a fix on our private@ list.
  7. Provide the submitter with a copy of the fix and a draft vulnerability announcement for comment.
  8. Reach an agreement for the fix, announcement and release schedule with the submitter.
  9. Commit the fix in all actively maintained releases.
  10. Roll a release for each actively maintained branch (unreleased trunk can wait).
  11. Announce the vulnerability (users, dev, security@a.o and project security pages).
  12. Update the svn log to include the CVE number.

Access to TCK

Apache committers can request access to TCK following this process:

  • Requester sends a note to the PMC list requesting access with a quick summary of their goals.
  • PMC member acknowledges receipt of the request back to the user.
  • Same PMC member sends a note to the appropriate keeper of NDAs on jcp-open and the Geronimo PMC with a subject of:

    [TCK] Request for TCK access for Apache Geronimo TCK materials. Please verify NDA is on file.

    and includes relevant information about the committer and their request.

  • Waiting period:
    • Geronimo committers will be granted r/w access upon confirmation of the NDA being on file.
    • Other committers will be granted read-only access after the request has been available for comment for 72 hours. If there is no -1 on the request and we have received positive acknowledgment about the NDA then a PMC member sends a note to the user and PMC with a subject like:

      [TCK] Access request for TCK repo from ....... is approved.

The chair or authorized member can update the SVN authorization file and notify the user of the URL and current relevant information. Geronimo committers are given r/w access and others are given read-only and they can start earning karma.