wg-best-practices-os-developers icon indicating copy to clipboard operation
wg-best-practices-os-developers copied to clipboard

Published 20 hours ago verified publisher icon ossf

Revamp publishing of guides such as concise guides & scm guide

Open torgo opened this issue 1 year ago • 7 comments

torgo avatar Jun 06 '23 14:06 torgo

As discussed in the call today - create a publishing process of some kind to publish these guides on openssf.org rather than in github directories.

torgo avatar Jun 06 '23 14:06 torgo

We now have https://bp.openssf.org working. The DNS is set up, TLS is working and enforced, and the pages in /docs are automatically regenerated whenever the markdown is merged into the main branch.

Here are some examples:

https://bp.openssf.org/Concise-Guide-for-Developing-More-Secure-Software.html https://bp.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software.html

Do people like this direction? We need to change the CSS, see #160. Once we decide this approach is "ready to launch" we'll need to change sites to use these new URLs, see #161.

david-a-wheeler avatar Jun 06 '23 17:06 david-a-wheeler

create a publishing process of some kind to publish these guides on openssf.org rather than in github directories.

Two quick clarifications:

  1. We'll still edit these guides on GitHub. The change proposed here is to create a publishing process so that the "final pretty versions" will appear somewhere in a subdomain of openssf.org. If someone goes to GitHub to view the materials, they'll still see them.

  2. There's a proposal to use a different subdomain other than "bp". Currently "best" seems to be leading, i.e., "best.openssf.org". If you have an opinion on the name, please comment here soon: https://github.com/ossf/wg-best-practices-os-developers/issues/162

david-a-wheeler avatar Jun 08 '23 14:06 david-a-wheeler

NB: The "bp.openssf.org" domain is not longer available. Stay tuned for the all-new "best.openssf.org" domain! See: https://github.com/ossf/wg-best-practices-os-developers/issues/162

david-a-wheeler avatar Jun 08 '23 17:06 david-a-wheeler

Note: The ".html" suffix will be optional (unless we change our configuration). So once best.openssf.org is working with TLS, we can use these links:

  • https://best.openssf.org/Concise-Guide-for-Developing-More-Secure-Software
  • https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software

david-a-wheeler avatar Jun 08 '23 17:06 david-a-wheeler

We've now done this for the concuse guides. Now we can discuss if this is a template we should follow.

david-a-wheeler avatar Jun 12 '23 11:06 david-a-wheeler

Maybe this issue can be closed at the next general BP call? /cc @SecurityCRob @david-a-wheeler

torgo avatar Oct 19 '23 14:10 torgo