tag-security icon indicating copy to clipboard operation
tag-security copied to clipboard

Published 20 hours ago verified publisher icon cncf

[Bug] Fix '/supply-chain-security/compromises' 404 (with redirect)

Open maltfield opened this issue 1 year ago • 4 comments
trafficstars

This ticket is to report that one of my favoriate bookmarked links (to this repo) is now a 404

  • https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises

Problem

I frequently send the above link to many people, but now it gives a 404 :(

In the past many years, I've opened countless bug reports with developers (on GitHub and elsewhere) asking them to improve the security of their release process to provide a means for their users to have some protection against supply chain compromises.

Not all developers have an inherent understanding of why it's important to, for example, cryptographically sign their releases. For many, you need to point the developer to a list of historical events where supply chain compromises have actually happened in the real world. Only then will many understand the importance of supply chain security.

Solution

Unfortunately, all these old tickets that I've created that link to this repo are now broken. Note that many of these tickets are still open/pending tasks, so I think it's important that the information is still available.

I don't know where the supply-chain-security/compromises list has been moved, but I don't think a solution to this ticket is to tell me where it now lives.

The solution to this ticket is to recreate the file supply-chain-security/compromises at HEAD with a message that inclues a link to the new location of the supply-chain-security/compromises list.

maltfield avatar Aug 29 '24 20:08 maltfield

fyi, it looks like the redirect link should point to https://github.com/cncf/tag-security/tree/main/community/catalog/compromises

maltfield avatar Aug 29 '24 20:08 maltfield

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Apr 26 '25 08:04 stale[bot]

Would you be open to a PR for this?

maltfield avatar Apr 27 '25 16:04 maltfield

Hey @maltfield - With the TOC/TAG Reboot in progress - I expect that the structure of the repository may soon receive another (potentially backwards incompatible) restructuring. I'll let other maintainers weigh in if they believe otherwise.

To my knowledge - TOC will be standardizing some of the structure for website use and we are still looking for more clarity on how that will allow us to administrate our repository.

I believe this issue occurred during a previous "re-organization" of the repository and we have been having conversations at the community meetings to potentially revisit this again.

I say all of this as I can understand the frustration but do not believe we have anything in place (yet) regarding links to HEAD not breaking.

brandtkeller avatar Apr 27 '25 19:04 brandtkeller

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Jul 19 '25 05:07 stale[bot]

fyi, this is still a 404 :(

  • https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises

maltfield avatar Sep 16 '25 19:09 maltfield