search

OWASP / ASVS

Application Security Verification Standard
Creative Commons Attribution Share Alike 4.0 International
2.75k stars 669 forks source link

German translation checked, updated and ready #1338

Closed JoergBruenner closed 6 months ago

JoergBruenner commented 2 years ago

I corrected the errors from last time ...

tghosth commented 2 years ago

Hi @JoergBruenner,

Where are the fixes you made? It looks like nothing has changed on your fork at https://github.com/JoergBruenner/ASVS since the last PR you made which Elar opened questions on in #1317.

JoergBruenner commented 2 years ago

Hi tghosth

may you have a look at https://github.com/JoergBruenner/ASVS please? The changes shall be there.

Jörg

tghosth commented 2 years ago

Thanks @JoergBruenner, I got this merged in, thanks for your efforts!

elarlang commented 2 years ago

I validated it now. For whitespace corrections I made https://github.com/OWASP/ASVS/pull/1367/commits/73cdf641cde54424876d573df1a791b85e3824dc / PR #1367. If this one gets merged, can you please do following corrections (especially 2 missing parts).

Note: as I validate/compare translations line-by-line, it's important, that all translated content lines are exactly on the same line, like source content. So, for validating the structure for the translation, I need to do manually all the changes listed below.

File: 0x02-Preface.md

File: 0x03-Using-ASVS.md

File :0x04-Assessment_and_Certification.md

File: 0x10-V1-Architecture.md

File: 0x12-V3-Session-management.md

File: 0x14-V6-Cryptography.md

File: 0x15-V7-Error-Logging.md

File: 0x16-V8-Data-Protection.md

File: 0x18-V10-Malicious.md

File: 0x22-V14-Config.md

File: 0x90-Appendix-A_Glossary.md

Note: Didn't compare in detail, 72 lines in de vs 55 lines in en

JoergBruenner commented 2 years ago

Hi @elarlang

thank you for your hints.

The number of paragraphs differs because I summed up the very short ones. They are rather uncommon in German language.

File: 0x10-V1-Architecture.md

"Glossary of terms" - content missing from de version

I moved that glossary to the end. German readers expects the glossary at the end.

File: 0x03-Using-ASVS.md

"Referenzen auf Anforderungen des ASVS" - some content is missing here from de version

Here you got me. I explained the versioning easier but I left out some facts :-(

I'm curious: Are there significant downloads of the German version?

See you Jörg

tghosth commented 2 years ago

Hi @JoergBruenner , are you going to make the other changes which @elarlang suggested?

tghosth commented 2 years ago

HI @JoergBruenner, any update on this?

elarlang commented 2 years ago

In my comment I pointed out:

Note: as I validate/compare translations line-by-line, it's important, that all translated content lines are exactly on the same line, like source content. So, for validating the structure for the translation, I need to do manually all the changes listed below.

Feedback from here

The number of paragraphs differs because I summed up the very short ones. They are rather uncommon in German language.

I moved that glossary to the end. German readers expects the glossary at the end.

And later response to question by @tghosth:

Hi @JoergBruenner , are you going to make the other fixes that @elarlang mentioned?

got the anwer

no, I don't plan to do so. Please have a look at my explaination in issue #1338.

Here I need to point out clear things - if someone wants to provide tranlation in some language, it must follow the same structure (even if it's wrong). Everything else is just someone else's version of the document - in this case, by current state it's "one german version fork of ASVS v4.0.3" not "translated ASVS v4.0.3".

Additionally it creates the need for manual work for us, which is... not acceptable for me personally.

You can always keep your own version of the document whereever, but from ASVS official repository we are going to serve only the correct ones.

Please finalize your huge effort with those things which I have previously pointed out, otherwise we have some "development freeze" here and/or we need to find someone else to do that.

Thank you

tghosth commented 2 years ago

@JoergBruenner please work with Elar to make the remaining fixes. I appreciate it has been a lot of work up to now so it would be great to make sure it is finished off correctly.

elarlang commented 1 year ago

Ping @JoergBruenner . Do you have any plan or wish to do it?

I'm curious: Are there significant downloads of the German version?

It is not merged to the repo, so there are no downloads till the translation merge process is not finished.

If @JoergBruenner does not want to deal with it, I think we need to find some other German speaker to fix those issues. It does not make sense to waste the effort from @JoergBruenner .

JoergBruenner commented 1 year ago

Hi Elar,I don't understand the case. I thought I've done all the necessary things. I can see the German version at owasp.org/asvs. What's still open? I'll try to manage it.See you JörgVon meinem/meiner Galaxy gesendet -------- Ursprüngliche Nachricht --------Von: Elar Lang @.> Datum: 15.03.23 08:08 (GMT+01:00) An: OWASP/ASVS @.> Cc: JoergBruenner @.>, Mention @.> Betreff: Re: [OWASP/ASVS] German translation checked, updated and ready (Issue

1338)

Ping @JoergBruenner . Do you have any plan or wish to do it?

I'm curious: Are there significant downloads of the German version?

It is not merged to the repo, so there are no downloads till the translation merge process is not finished. If @JoergBruenner does not want to deal with it, I think we need to find some other German speaker to fix those issues. It does not make sense to waste the effort from @JoergBruenner .

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

elarlang commented 1 year ago

You are right, those are merged (for my surprise).

So, seems that de translation file were actually merged/commited to main repo v4.0.3 branch on 2022-09-04 https://github.com/OWASP/ASVS/commit/4fe5233f26a1bd1c27b9f0eeb55eccaff3cfce0e / https://github.com/OWASP/ASVS/pull/1357

https://github.com/OWASP/ASVS/tree/v4.0.3/4.0/docs_de

Current opened PR was started 2022-09-10 https://github.com/OWASP/ASVS/pull/1369 and my feedback is given 2022-09-08 (after documents were merged).

In other words, my feedback or fixes after the initial merge is not in generated output documents and should be fixed.

JoergBruenner commented 1 year ago

Hi @elarlang, It's a bit strange: At my local repository I made the chages you asked on Sep. 8. I have to check deeper, what went wrong.

elarlang commented 1 year ago

I don't think anything went wrong with your changes - there are just reasons for me/us, that we would like to see matching structure for source file and translated file.

Your feedback from https://github.com/OWASP/ASVS/issues/1338#issuecomment-1242800657

The number of paragraphs differs because I summed up the very short ones. They are rather uncommon in German language.

And my comments here: https://github.com/OWASP/ASVS/issues/1338#issuecomment-1272359499

JoergBruenner commented 1 year ago

Sorry, I explained it the wrong way :-( You said on Oct. 8 I have to translate exactly. So I did. I thougt, I made the requests to bring these changes to the main fork. But they never arrived. Now I have to check why.

elarlang commented 1 year ago

@JoergBruenner - I can see many PR's, I merged them already but I do revalidation for them again. Please let me know if you don't plan to any more changes.

JoergBruenner commented 1 year ago

@elarlang Sorry for the masses. I corrected the translation file by file in the web. My local repo got corrupted :-( I don't plan any more changes in 4.0.3. I think I'll move on in 5.0.

elarlang commented 1 year ago

There are still out-of-sync chapters and paragraphs. I don't want to waste another few hours of my life to re-validate again something which has been claimed to be corrected 4 times, so I just rechecked structure and content for requirements.

Despite all that, I really thank you for your effort for translating it. We just need to invent better process for getting translations in correct format.

Still there are some things to recheck, before we can generate/update output documents publish that it is translated.

after PR #1593 is merged, please recheck and/or do following changes

File: 0x03-Using-ASVS.md

Section ## Verwendung dieses Standards

In english version I don't see section like this: Zu den Sicherheitszielen aller Stufen gehören die Gewährleistung der Vertraulichkeit (z.B. Verschlüsselung), der Integrität (z.B. Transaktionen, Eingabevalidierung), der Verfügbarkeit (z.B. ordnungsgemäße Lastverteilung), der Authentifizierung (auch zwischen Systemen), der Nichtabstreitbarkeit, der Autorisierung und der Protokollierung.

File: 0x11-V2-Authentication.md

Still missing section "Glossary of terms", I added it in English, please translate it.

File: 0x17-V9-Communications.md

In english version we don't have section like this: _Für Deutschland veröffentlicht das BSI die Technische Richtlinie TR-02102 Kryptographische Verfahren: Empfehlungen und Schlüssellängen als Richtlinie für die Verwendung von TLS sowie zur Nutzung sicherer Algorithmen und Schlüssellängen._

It may give extra value for German users, but it's also not direct translation anymore (it's some version/fork of ASVS in German).