david-a-wheeler
commented
3 months ago While reading I noted some spelling nits (see above), but really, this looks fine.
This is for simply onboarding / creating the infrastructure for the SIG (mainly its repo) itself, and that's fine. Its README will need to make it clear who the leaders are, and that it's part of the Best Practices WG. The WG should also point to this, once it's set up.
An alternative would be to house this within the best practices WG. The WG already has a setup to create pretty web pages, while if you want to do that in this SIG, there may be an extra step. However, because there are a number of other foundations involved, I think the approach (as proposed) is the better way anyway.
We may eventually want to create materials that will implement the baseline. That work might be part of this repo, or a separate repo. I would suggest putting it all in this repo if that makes sense, and if we discover it doesn't, we'll have a rationale for creating another repo.
Thanks for doing this!
Detailed implementation plan for onboarding security baseline SIG.