TUF analysis: IA table changes

cncf / techdocs

CNCF TechDocs Team

https://cncf.io

Apache License 2.0

43 stars 26 forks source link

TUF analysis: IA table changes #274

Open chalin opened 3 months ago

chalin commented 3 months ago

Further proposed changes to the table under https://github.com/cncf/techdocs/blob/main/analyses/0012-TUF/implementation.md#provide-project-meeting-links-and-calendar:

Put Adoptions back under Community

I think that we might need a top-level entry (that shows up in the top-nav too), named Security. What do you think @lukpueh.

In terms of IA:

Security, with the following page content (they don't need to be subpages, though they can be):
- Audits
- Reporting issues

WDYT @lukpueh?

Dindihub commented 3 months ago

Further proposed changes to the table under https://github.com/cncf/techdocs/blob/main/analyses/0012-TUF/implementation.md#provide-project-meeting-links-and-calendar:

Put Adoptions back under Community

I think that we might need a top-level entry (that shows up in the top-nav too), named Security. What do you think @lukpueh. In terms of IA:

Security, with the following page content (they don't need to be subpages, though they can be):

Audits

Reporting issues

WDYT @lukpueh?

@chalin Noted. I'll wait for @lukpueh views on the structure before I create a PR.

lukpueh commented 3 months ago

I think it's fine. IMO the canonical location for project-wide security policy (to report security issues) is: https://github.com/theupdateframework/community/security/policy

What if we set up a policy there, and point to it from theupdateframework.io/security?

chalin commented 3 months ago

I'd do it the other way around. If there's any content in https://github.com/theupdateframework/community/security/policy, it should point back to the website (and have no other content). That is, make the website security section/pages the canonical reference. WDYT?

lukpueh commented 3 months ago

I'd do it the other way around. If there's any content in https://github.com/theupdateframework/community/security/policy, it should point back to the website (and have no other content). That is, make the website security section/pages the canonical reference. WDYT?

Work for me.

chalin commented 3 months ago

@chalin Noted. I'll wait for @lukpueh views on the structure before I create a PR.

Any further doubts before you proceed @Dindihub?

Dindihub commented 3 months ago

@chalin Noted. I'll wait for @lukpueh views on the structure before I create a PR.

Any further doubts before you proceed @Dindihub?

Hi @chalin . So this is how I understood the IA for this section: Security :

Audit
Reporting issues (To have the same content as on the current website. Add a reporting issues link on the community/policy section on GitHub pointing to the website)