search

department-of-veterans-affairs / abd-vro

To get Veterans benefits in minutes, VRO software uses health evidence data to help fast track disability claims.
Other
19 stars 6 forks source link

Discover SecRel signatures Requirements and Action Any Necessary Changes in Documentation #3183

Open nelsestu opened 2 months ago

nelsestu commented 2 months ago

User Story

As a VRO Developer, I want to document and communicate our corrected understanding of SecRel signatures, so that we as a team don't end up doing more deployments than necessary.

Originally the task was defined as "deploy VRO apps that are likely to have images whose SecRel signatures are no longer valid". But as we delved into the details and started hunting for evidence of the signature expiration we found that our previous understanding about these expirations is not valid. I am writing this ticket as a placeholder to continue any necessary discussion, but all that is actually necessary is that we communicate and document the actual status of these signatures, and how the signatures are applied on LHDI infrastructure.

Update documentation

  1. Document our revised understanding of SecRel signatures, speciifically detailing how and when secrel signatures expire
  2. Communicate revised documentation to the team

Not included in this work

We do not need to deploy every two weeks as previously stated, so... not included in this work: vro deployment.

Notes about work

BerniXiongA6 commented 2 months ago

cc: @meganhicks @lisac

nelsestu commented 2 months ago

Documentation updated in both public and private wikis. On Monday I'll make a 16th minute item to confirm everyone is aware of our updated understanding and to inquire about whether that changes any of our other policy intentions.