techdocs icon indicating copy to clipboard operation
techdocs copied to clipboard
verified publisher icon cncf

TUF analysis: IA table changes

Open chalin opened this issue 1 year ago • 6 comments

Further proposed changes to the table under https://github.com/cncf/techdocs/blob/main/analyses/0012-TUF/implementation.md#provide-project-meeting-links-and-calendar:

  • Put Adoptions back under Community

I think that we might need a top-level entry (that shows up in the top-nav too), named Security. What do you think @lukpueh.

In terms of IA:

  • Security, with the following page content (they don't need to be subpages, though they can be):
    • Audits
    • Reporting issues

WDYT @lukpueh?

chalin avatar Aug 11 '24 09:08 chalin

Further proposed changes to the table under https://github.com/cncf/techdocs/blob/main/analyses/0012-TUF/implementation.md#provide-project-meeting-links-and-calendar:

  • Put Adoptions back under Community

I think that we might need a top-level entry (that shows up in the top-nav too), named Security. What do you think @lukpueh. In terms of IA:

  • Security, with the following page content (they don't need to be subpages, though they can be):

    • Audits
    • Reporting issues

WDYT @lukpueh?

@chalin Noted. I'll wait for @lukpueh views on the structure before I create a PR.

Dindihub avatar Aug 12 '24 11:08 Dindihub

I think it's fine. IMO the canonical location for project-wide security policy (to report security issues) is: https://github.com/theupdateframework/community/security/policy

What if we set up a policy there, and point to it from theupdateframework.io/security?

lukpueh avatar Aug 21 '24 14:08 lukpueh

I'd do it the other way around. If there's any content in https://github.com/theupdateframework/community/security/policy, it should point back to the website (and have no other content). That is, make the website security section/pages the canonical reference. WDYT?

chalin avatar Aug 22 '24 19:08 chalin

I'd do it the other way around. If there's any content in https://github.com/theupdateframework/community/security/policy, it should point back to the website (and have no other content). That is, make the website security section/pages the canonical reference. WDYT?

Work for me.

lukpueh avatar Aug 23 '24 06:08 lukpueh

@chalin Noted. I'll wait for @lukpueh views on the structure before I create a PR.

Any further doubts before you proceed @Dindihub?

chalin avatar Aug 23 '24 15:08 chalin

@chalin Noted. I'll wait for @lukpueh views on the structure before I create a PR.

Any further doubts before you proceed @Dindihub?

Hi @chalin . So this is how I understood the IA for this section: Security :

  • Audit
  • Reporting issues (To have the same content as on the current website. Add a reporting issues link on the community/policy section on GitHub pointing to the website)

Dindihub avatar Aug 23 '24 17:08 Dindihub