DrupalSecurityTeam / drupalpcicompliance

Official github repo for the Drupal PCI compliance white paper.
http://drupalpcicompliance.org

Issues for v1.1 Release #14

Closed rickmanelius closed 10 years ago

rickmanelius commented 10 years ago

I'm planning on having a v1.1 released prior to BADCamp 2013. Here are the issues I'd like to have resolved prior to that.

- Correct PCI-DSS definitions
- Fix inconsistencies about what falls into a PCI SAQ A classification.
- Add link to PCI compliance myths article into paper.

If anyone has anything else to add, please let me know.

-Rick

rcross commented 10 years ago

#3 and #12 have pull requests.

rickmanelius commented 10 years ago

Hi Ryan! Yes I gotta get the new version out soon, particularly with the new PCI 3.0 standard now officially released. #3 is merged. #12 needs a slightly different solution but I'll leave it open until I get it in place.

rickmanelius commented 10 years ago

#3 and #12 are now resolved in markdown. In preparation for the 1.1 release, I'll need to convert the HTML and pdf versions. I'll keep a running list on those.

I'll be adding more tickets and tagging 1.1 (to be released by DrupalCon Austin).

rickmanelius commented 10 years ago

Other items that come to mind:

If anyone else has any ideas, please feel free to add here or suggest in an issue submission.

rickmanelius commented 10 years ago

Alright. I've reviewed all the applicable PCI 3.0 documents and reviewed the paper with respect to all the necessary updates. I've created a ver_1_1 branch and will put all changes there before soliciting feedback/reviews. Once I have consensus there, I'll merge in the markdown versions and produce the updated HTML and pdf versions.

Onward!

rcross commented 10 years ago

Any progress on getting a cleaner approach to compiling/pdf-ing? That would allow us to use the pull-request / commit review process in github to do that review in pieces rather than all at the "end".

On Thu, May 22, 2014 at 12:56 PM, Rick Manelius notifications@github.com wrote:

Alright. I've reviewed all the applicable PCI 3.0 documents and reviewed the paper with respect to all the necessary updates. I've created a ver_1_1 branch and will put all changes there before soliciting feedback/reviews. Once I have consensus there, I'll merge in the markdown versions and produce the updated HTML and pdf versions.

Onward!


rickmanelius commented 10 years ago

Hi Ryan. I haven't resolved that for 2 reasons: 1) the pdf generation mechanisms I've explored are both ugly and do not properly retain internal bookmarking and 2) I don't want this to hold me up anymore. In markdown, one can get a diff log when comparing branches, so it will show a full record of everything that has changed as well as allow for commenting. As long as people pull request against ver_1_1, those changes and suggestions can also be tracked.

rickmanelius commented 10 years ago

Initial commits on the ver_1_1 branch are already moving along. I'm intentionally leaving some @todo entries to specify areas that will require more than a quick edit. My goal is to get all the minor changes in quickly and then focus on the figure updates and/or items that will require a longer discussion.

rcross commented 10 years ago

Your call, Rick. I was just recognizing that there is an inherent possibility for error when transferring from markdown to word(?) without an automated build, which kind of requires a double up of review effort. I don’t want to hold things up either.

On Thu, May 22, 2014 at 11:43 PM, Rick Manelius notifications@github.com wrote:

Initial commits on the ver_1_1 branch are already moving along. I'm intentionally leaving some @todo entries to specify areas that will require more than a quick edit. My goal is to get all the minor changes in quickly and then focus on the figure updates and/or items that will require a longer discussion.


rickmanelius commented 10 years ago

There is definitely a possibility of that. But at the end of the day, I'll run a diff log and it'll take me 5-7 hours to get the final changes upstream. And, when we're in a place where the markdown 1.1 version looks good, then the document will be stable for at least a few months, opening the door to fix the markdown to pdf conversion process (time permitting with my now 6 week old daughter! :)

rickmanelius commented 10 years ago

As stated in another thread, I have completed my first pass on updating the paper to version 1.1 (full diff log here https://github.com/rickmanelius/drupalpcicompliance/pull/23). I've reached out to the co-authors for the first round of feedback. After that I'll be reaching out to those that helped review version 1.0. Once all feedback is gathered and applied, we'll be ready for release.

rickmanelius commented 10 years ago

I'm pleased to report that the other co-authors have provided their feedback and the changes have been applied. I'm about to reach out to reviewers to get one more round of checking. After that has been incorporated, it's just a matter of some cleanup and then we'll release version 1.1!

rickmanelius commented 10 years ago

I sent out review requests to those that helped for version 1.0. I'm asking for feedback within 2 weeks so I can then take their changes/suggestions and release v1.1 by July 15th. Thanks again for everyone's help!

rickmanelius commented 10 years ago

Just a quick update to those following along. We have received feedback from several individuals. Many of the suggestions offered were largely grammar/clarification, and those have been already merged. There are only 2 open issues at this time:

- #26
- #27

Once these are addressed, I'll get the markdown copy finalized and then perform the necessary conversions for the HTML and PDF copies. I'll make an announcement on the mailing list and seek additional outlets to promote its release. If anyone has any suggestions on that topic, I'm all ears.

Thanks!

rickmanelius commented 10 years ago

#26 has reached a resolution. #27 will be a small tweak. I'm closing out any future changes/tweaks and I'm going to gear up to get the pdf conversion started this weekend so we can launch next week as scheduled. Thanks everyone!

rickmanelius commented 10 years ago

PDF conversion is done. I'm just waiting on @greggles to get an updated logo for issue #21 and this will launch (as promised) on July 15th!

rickmanelius commented 10 years ago

Updated PDF copy is here for anyone interested https://github.com/rickmanelius/drupalpcicompliance/blob/ver_1_1/DrupalPCICompliance.pdf

rickmanelius commented 10 years ago

All complete! Merging the branch, tagging, and I'll be working on promotion/announcements by Tues/Wedn. Thanks Everyone!