Re: [Hyperledger Project TSC] CII Badge as graduation/1.0 requirement
+1 from Dan Middleton.
For those that have not been exposed to the CII badge details you can look at existing projects (here is sawtooth's:
https://bestpractices.coreinfrastructure.org/projects/954, for example.)
Tom might be updating this imminently based on Dave's feedback during today's TSC meeting. At the moment, however, you can see where Tom was conservative in his answers to subjective questions like "All medium and high severity exploitable vulnerabilities discovered with static code analysis MUST be fixed in a timely way after they are confirmed."
I think the current wording of Dave's proposal recognizes that there are subjective questions in that list. Between the Hyperledger Security Maven role and the TSC we should apply appropriate scrutiny when it comes to "Not-applicable". I think trying to define and document that in absolute terms for all projects a priori will be less effective than just doing an interactive review with each project.
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Gregory Haskins via hyperledger-tsc
Sent: Thursday, May 18, 2017 13:21
To: David Huseby <firstname.lastname@example.org>
Cc: hyperledger-tsc <email@example.com>
Subject: Re: [Hyperledger Project TSC] CII Badge as graduation/1.0 requirement
I don't really have a full understanding of what it entails to be CII compliant yet. With that caveat, this kind of formally/neutrally defined criteria and evaluation mechanism sounds like a reasonable condition for acceptance to me. I do think we should strive to classify, in advance, the rules in which we decide "applicable criteria" for a given type of proposal where possible so as to avoid the perception that the community is applying the rules unfairly.
+2 from me.
On Thu, May 18, 2017 at 12:15 PM, David Huseby via hyperledger-tsc <firstname.lastname@example.org> wrote:
Thank you everybody for the discussion about my proposal. Because we