dotnet / AspNetCore.Docs

Documentation for ASP.NET Core
https://docs.microsoft.com/aspnet/core
Creative Commons Attribution 4.0 International

ROPC: Fix/mitigate ASP.NET Framework #33758

Open Rick-Anderson opened 1 day ago

Rick-Anderson commented 1 day ago

See list in #33703

wadepickett commented 17 hours ago

@tdykstra, you ok with taking this one entirely, while I work on all the SFI images? I am taking on a couple hundred images to fix this sprint, starting in order of worst severity, and overall there are well over 1000 to do. If so, I will take my name off this one.

tdykstra commented 16 hours ago

@Rick-Anderson Should the title be "... Core and Framework"?

wadepickett commented 15 hours ago

> @Rick-Anderson Should the title be "... Core and Framework"?

The list in the issue noted in the description is only for the AspNetDocs repo. Maybe to clarify we should just say this issue is for all ROPC issues in the AspNetDocs repo to be clear.

@tdykstra see my question above on me working on all the images (over 1000) while you handle ROPC. Thoughts?

Rick-Anderson commented 15 hours ago

> @Rick-Anderson Should the title be "... Core and Framework"?

Fixed

tdykstra commented 15 hours ago

@wadepickett How about we start with that intent and re-evaluate how much time each of us has left to do after a sprint or two? If the list in #33703 is only ASP.NET Framework, where is the equivalent list for ASP.NET Core?

wadepickett commented 14 hours ago

> @wadepickett How about we start with that intent and re-evaluate how much time each of us has left to do after a sprint or two? If the list in #33703 is only ASP.NET Framework, where is the equivalent list for ASP.NET Core?

Great idea, let's go that route. I will focus on images, you on ROPC this sprint and we discuss how that is going as we start each new sprint to figure out if we need to move the work around between us.

We can group these by sprint for their severity or however we want to prioritize them.

I created new issues for fixing SFI flagged images. One per sprint (what I could fit into a sprint) per repo. So one for AspNetDocs and one for AspNetCore.Docs and one for EF, etc. Starting with the most severe first.

You could do the same with ROPC. Indicate a group you will hit in a repo based on priority that fits into this sprint and another for the next. One issue for each repo per sprint.

For repo AspNetCore.Docs there were 66 ROPC remaining items (maybe that is less now). The "list" at the moment is simply what is listed in the dashboard-connected spreadsheet.

And the plan was to apply, where we can, the standard include regarding secure auth flow; see example PR https://github.com/dotnet/AspNetCore.Docs/pull/33408