Make the Figma libraries public

[beatrizmilhomem]

give access to the Figma libs to users from agencies (outsourcing)

[davicostalf]

This includes who should use the library outside VTEX.

[davicostalf]

• Add a warning in Figma libraries that it's only for internal usage and link to the file in Figma community.
• Open the internal library files for everyone to be able to view.

[beatrizmilhomem]

Após conversar com o time de Information Security, ficou decidido:

• Components e Tokens libraries serão publicadas no Figma Community, sem risco de segurança.
• Patterns library não será publicada no Figma Community por apresentar um baixo risco de segurança ("O risco de ter isso exposto publicamente é que um atacante pode usar pra "estudar" a plataforma da VTEX e ele pode tanto manipular algum front do lado dele pra tentar "imitar" e conduzir ataques, ou ainda pra entender como a plataforma se comporta pra poder aplicar ataques mais sofisticados. Outro risco que vemos é que eventualmente algum cliente pode reportar isso como má prática de segurança, e ele estaria certo.").
• Não vamos mais postar prints de páginas de apps nas issues. Sempre postar um link do Figma que apenas pessoas da VTEX podem acessar.

[ggomarighetti]

In my case, I have used the styleguide project and adminui before and currently the shoreline to make dashboards or internal tools with a quality graphical interface, and I am very grateful for the policy of making this work open-source and that anyone can use it and know how to take advantage of it for good.

Although I do not fit in the category of collaborator coming from external agencies or outsourcing as you mentioned in the initial message of this issue, I would like to make a contribution as a user in this “open source” modality (if that category were to be considered) although I understand the reasons for which the decision is taken, since “opening the internal libraries for anyone to see them” is a security risk, a mixed scheme could be proposed.

Differentiate and reserve certain screens or certain patterns that are very specific to the product you develop (an e-commerce back office for b2b scenarios) from the more generic ones such as a general layout with a sidebar, a container, the different paddings or margins involved in the various breakpoints, or the same generic templates or layouts promoted by yourselves in previous documentations such as listings, forms, details, settings, or others such as headers, blocks, layouts, etc.

Or as another alternative, some form where you can request access to the files as a reader, visitor, external, etc, where some kind of KYC is applied, or security questions are asked and a record is made of who accessed the files and at what time.

Thank you very much and your projects have helped me a lot in the development of my activity as a professional, and I hope you can achieve a security policy that continues to allow the use and / or study of your work for applications with good intentions of the open source community, a big greeting to the distance.

[beatrizmilhomem]

@ggomarighetti thank you for your comment and suggestion!

[beatrizmilhomem]

@davicostalf documentation proposal