search

ossf / wg-securing-critical-projects

Helping allocate resources to secure the critical open source projects we all depend on.
Apache License 2.0
331 stars 40 forks source link

Google sheet restrictions #68

Closed zmanion closed 1 year ago

zmanion commented 1 year ago

The Google sheet is really locked down, unable to copy and paste or export as CSV. Is this intentional? Can the restrictions be relaxed? I am attempting to do some light memory safety analysis of the listed projects. Expending manual effort or writing a script seems like a poor use of time to access public data.

cc @eoinwm

david-a-wheeler commented 1 year ago

That's weird and I don't think it's intentional. Anyone can comment, & I don't find any setting like that. I've given you editor rights to the document, hopefully that will enable you to do what you just listed.

WG Leaders: I hope that's okay; this looked like a serious problem that needed a quick fix, and this was the only quick fix I could come up with.

zmanion commented 1 year ago

Thanks, it was behavior I've not seen before, read-only is sufficient really if anyone prefers that access level.

zmanion commented 1 year ago

To follow up, anyone not explicitly granted access or logged in still can't download, copy, or print. I suspect it's this setting and only the owner (@Amir-Montazery) can change it.

Amir-Montazery commented 1 year ago

Thank you for following up. I checked the permissions and anyone with the link to the sheet can edit it now. I think that should fix the issue.

david-a-wheeler commented 1 year ago

@Amir-Montazery - I think "anyone can edit" is excessive for this document. I suggest bringing it back to comment-only for now as the default.

Amir-Montazery commented 1 year ago

I did it this way so zmanion could do things like export to csv and get access requests for the document often. Is there a happy medium so people can access the doc without me being a gatekeeper?

zmanion commented 1 year ago

I'm fine, since I have specific access, so thanks, my need is covered.

I think the setting in question is this:

https://support.google.com/docs/answer/2494893?visit_id=638169106614802525-3163434944&p=prevent_download&rd=2#zippy=%2Cprevent-people-from-downloading-printing-or-copying-your-file

which is not the usual "anyone with the link can do X" sort of setting.

I can't see the "prevent from downloading" setting, but I think @Amir-Montazery can? My suggestion is "everyone can read" or "everyone can comment" and check and adjust the "prevent from downloading" setting.

Amir-Montazery commented 1 year ago

Thank you Art. Yes, I think what works best is having "everyone can read and comment" and only editors, who can request access, can download the data should they need. This should work nicely until we find a more permanent solution. Thanks again for everyone's help on this!