sbp opened a new issue, #217: URL: https://github.com/apache/tooling-trusted-release/issues/217
ASF projects are only allowed to upload from GitHub when Security allows this. Security's criterion is that the project perform reproducible builds. Questions to answer: * Who set the criterion? Was it a Board decision, or a Security decision? * What is the application process to Security? * Who processes the applications? * How long does it take to process the applications? * What is the evaluation process? Does Security attempt to reproduce the builds? * Where is the list of permitted projects maintained? * What projects are on that list? * Who has the permissions to modify the list of permitted projects? * Who currently enforces that projects uploading from GitHub are permitted? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org For additional commands, e-mail: dev-h...@tooling.apache.org
