[Drupal-twg] Project Applications Process - Security working group counter-proposal

[Jeremy Thorson]

Hey all,

The Security Working Group has provided a counter-proposal in response to
our discussions regarding the Project Applications process; which can be
viewed at the following location:

https://docs.google.com/document/d/1lxnr6pxIrzIv7cRsuEA2RBHiBg590-XGTRx3UlBc3YE/edit?usp=sharing

Essentially, the policy changes would be:
- non-git vetted users would be allowed to create a maximum of one full
project, but no tagged releases.
- All projects must be created as sandbox projects until they can pass an
automated review (essentially the PAReview scripts used in the project
application process), to guard against mass namespace squatting and spam.
- Project pages would include a visual indication of non-git vetted status
- Manual review would still apply to get the 'git vetted user' status.

I don't anticipate anyone on the working group being proposed to the option
... despite it not going as far as our proposal does, it is an improvement
over the current situation; and a small step in the right direction.

Any strong objections to the proposal as written?  If I don't hear anything
by the end of this week, I'll assume we can provide a TWG stamp of
approval, and take the proposal out to the community.

- Jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/drupal-twg/attachments/20150107/4add4bf6/attachment.html