Open eddie-knight opened 1 month ago
Thank you for creating this space to track all this upcoming work.
While we are working on this, let's see if we can add a banner "website under construction" 🚧 on website pages and link this issue in the banner for any feedback folks may have :)
Great initiative @eddie-knight !
With regards to the point related to the TSSA package, I think clarification may be needed in the self-assessment guide which currently states that:
This document provides the CNCF TAG-Security with an initial understanding of [project] to assist in a joint-assessment, necessary for projects under incubation. Taken together, this document and the joint-assessment serve as a cornerstone for if and when [project] seeks graduation and is preparing for a security audit.
Thanks @mrcdb — I'll keep the list updated with any comments that roll in here.
Notes from one point of discussion on today's NA TAG meeting.
Recent discussion has raised concern as to whether the governance/ directory has a reasonable amount of clarity with regard to the intent of its contents. Similarly, it has been suggested that there are too many top-level files that relate to project governance (for example, multiple files related to the project license).
Reorganize, merge, or remove any content related to governance and contribution. The result should be fewer and clearer files and directories in this repo.
Notes from recent discussions regarding the presentation and accessibility of STAG whitepapers. Needs input from at least @mnm678 & @PushkarJ.
Whitepapers are currently spread across multiple locations in this directory, organized by topic. In some cases, they live nested alongside other topically related content.
Multiple possible options exist, which I'll list here sorted by complexity of effort.
An attempt to resolve this problem has been made in the past, through PUBLICATIONS.md at the top level of this directory.
Unfortunately, this has not been immediately clear to many new members— possibly due to the relatively high number of files and directories at the top level of the repo.
This is the best temporary solution, and maybe it's a permanent one: I'll map PUBLICATIONS.md to a navbar position on the website, and remove any reference to other whitepapers (i.e., Supply Chain Security) from the navbar.
https://github.com/cncf/tag-security/pull/1265
Note: This will break any backlinks to the whitepapers.
Instead of topical organization, we could have a top-level directory called whitepapers/. We would move all whitepaper subdirectories into this new directory, as well as the audio-versions/ top-level directory. This will allow us to create a simplified presentation
If we consolidate top-level directories based on topics and working groups, we can create a standardized flow for how each WG stores its artifacts. This will have the added benefit of allowing quick population of all WG content (and whitepapers) onto the website (though the whitepapers will be nested enough that I suspect they won't be intuitive to find)
If we want to leave things how they are in the repo, we could just write up some additional custom logic in website/Makefile to move each whitepaper from its current disparate location to a centralized location that will only be reflected on the repo.
Note that this will break the current pattern of the website layout reflecting the repo structure.
Hi @eddie-knight, I saw this issue marked as a good first issue. I've done a security self-assessment as a security pal this past year, and I would love to help edit the assessments page if needed (or any of the other tasks)!
Hey @amanda-gonzalez thanks for raising your hand! Would you like to create a PR with any improvements you find?
We're hoping to have most of the changes merged this week, so please ping me here or on Slack if I can help clarify anything.
Hi @eddie-knight, I am looking at the Events page on the website and it looks like this is statically built from the website folder and not built from Markdown files originating in the rest of the repo.
To make this more consistent with other sections (Assessments, Governance, etc.), would it be beneficial to create an events top-level folder in the repo with a README detailing recurring and future events, as well as an archive of past events (on this, we have a past-events.md file in the root, which may be moved to the new folder IMO so it gets automatically published on the website as well)?
Yeah, I think the best route would be to move events into the community directory that was recently created— the plan is to start moving more content in there from around the repo. Would love to see a PR for it, if you have the time.
With merge of #1279 how many of the assessment objectives remain?
I think the assessments content is in a good state for the current sprint. I have some questions and nits that I want to address over time, but I think Amanda's contribution is plenty sufficient for the goal of removing the "under construction" banner.
@eddie-knight are the action items on the Events section complete or do you foresee additional work required to fix those issues?
Thanks @mrcdb - I think there is more to do there. I tried automating it to act like the blog, but didn't get anything behaving how I imagined after all.
As a follow-on item, we should discuss what to name/do with process.md
Link to website: https://tag-security.cncf.io/
In order to increase the quality of outputs from TAG Security, to simplify the project maintenance, and to streamline new member familiarization, there is a need to do a large-scale cleanup of this repository. This will involve the revision or removal of files and/or directories.
As a first phase, we will be scoping focus specifically to content that is displayed on the website:
This issue description will be used to summarize unique work items that we have found, which should be tackled. Unless otherwise noted, PRs and comments are welcome from anyone in the community to address the questions or problems outlined below.
Action Items