openssl / general-policies

Mirror of the repository for general policies, governed by the OMC (OpenSSL Management Committee)

Accessing sensitive information policy #25

Closed TamaraDale closed 1 year ago

TamaraDale commented 1 year ago

Also including related tables for review

mattcaswell commented 1 year ago

We only seem to have the tables as an ods file in this PR - not the actual policy itself.

Is an ods file the best format for publishing the tables? I wonder if it would be better done in markdown? Also should we hold the table in general-policies, or should that be held elsewhere?

levitte commented 1 year ago

There are two sheets in there, SIT and SIAT... If I understand correctly, SIT is some start of a policy, while SIAT is more of an information table that shows the details. Is that about right, @TamaraDale?

Regarding the format, our Policy on Proposing General Policy Changes is quite clear, at least regarding policies:

"Each policy is placed in an individual file in Markdown format in the policies subdirectory."

Informational tables haven't been thought of, at least to have here, so we haven't said much about their format... but yeah, they should be in a different directory.

mattcaswell commented 1 year ago

If I understand correctly, SIT is some start of a policy, while SIAT

The SIT is what information we have, and the SIAT is who is allowed to access it.

Informational tables haven't been thought of, at least to have here, so we haven't said much about their format... but yeah, they should be in a different directory.

I was comparing this to the platform policy. Previous discussions on this were that the policy itself would be in general-policies (when it is eventually moved there), but the table of platforms would be maintained outside of the general-policies repo because it's not considered part of the policy itself and changes much more frequently. I was applying that same logic to this and wondering whether there is a distinction between the policy, which we assume to be relatively long-term stable, and the tables, which might be expected to change more frequently.

TamaraDale commented 1 year ago

Hi Guys

SIT & SIAT are both information tables; I kept them separate from the Policy so it would be easier to update them rather than having to go through a full Policy approval each time we needed to adjust or add an item (e.g. new role, new type of sensitive information). SIT, however, could be included in the Policy as it's less likely to be updated as often as SIAT, but I'll leave you guys to decide that.

It can be in any format, though tables are usually easier to maintain in a spreadsheet, but I'm happy to change it if you prefer something else.

Thanks

Tam

On 20/07/2022 11:33 pm, Richard Levitte wrote:

There are two sheets in there, SIT and SIAT... If I understand correctly, SIT is some start of a policy, while SIAT is more of an information table that shows the details. Is that about right, @TamaraDale?

Regarding the format, our Policy on Proposing General Policy Changes https://github.com/openssl/general-policies/blob/master/policies/policy-change-process.md is quite clear, at least regarding policies:

"Each policy is placed in an individual file in Markdown format in the policies subdirectory."

Informational tables haven't been thought of, at least to have here, so we haven't said much about their format... but yeah, they should be in a different directory.


-- Tam Dale, Business Operations Administrator

TamaraDale commented 1 year ago

How about a new folder in the general-policies folder called "policy-tables"?

If you're happy with that I'll create & move them there.

Thanks Tam

On 30/09/2022 10:45 am, Pauli wrote:

Pauli commented on this pull request.


In policies/AccessSensitiveInfoPolicy_SIAT.md https://github.com/openssl/general-policies/pull/25#discussion_r984121509:

@@ -0,0 +1,13 @@ +| Sensitive Information Access Table | |
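Review bot: the header row at `+| Sensitive Information Access Table | |` has an empty second cell, so the table's title is doing double duty as a column header; a title line above the table and a header row that names the two columns (as in the Role/Individual and Accessible Sensitive Information layout suggested later in this thread) would render more clearly. The file also sits under policies/, whereas the thread agrees that the supplemental tables belong in a separate directory.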

I thought these were going into a new folder one level up. Attachments/schedule/data/whatever.


paulidale commented 1 year ago

Sounds fine, although it might be better to use something more generic in case other policies need to reference things that aren't tables. Still, the name can be changed later easily enough.

TamaraDale commented 1 year ago

Could do policy-supplemental as folder instead?

Thanks T

On 30/09/2022 2:28 pm, Pauli wrote:

Sounds fine, although it might be better to use something more generic in case other policies need to reference things that aren't tables. Still, the name can be changed later easily enough.


paulidale commented 1 year ago

Yep, or even just supplemental since this is the general-policy repository.

paulidale commented 1 year ago

i.e.

```markdown
Sensitive Information Access Table
==================================

| Role/Individual   | Accessible Sensitive Information  |
| --- | --- |
```

paulidale commented 1 year ago

Vote: Accept the accessing sensitive information policy as of 2894caf7b051387f16f0fbbd8f6c5c9ebd3b79e7

paulidale commented 1 year ago

Pauli: [+1]

mattcaswell commented 1 year ago

Vote: [+1]

iamamoose commented 1 year ago

Vote: 0

t-j-h commented 1 year ago

Vote [+1]

There is stuff I would handle differently - but we need to start somewhere ...

kroeckx commented 1 year ago

voting +1

levitte commented 1 year ago

vote: [0]