w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Clarify that an Update System is Necessary for Security #135

Open mmccool opened 5 years ago

mmccool commented 5 years ago

In https://github.com/w3ctag/design-reviews/issues/355, it is mentioned that the section on update in the Arch doc seems to imply that one should avoid updates (https://w3c.github.io/wot-architecture/#sec-security-consideration-update-provisioning); however, such updates are important to maintain security. A sentence should be added (before the mitigation) that updates are necessary to maintain the security of systems (the mitigation then states that updates need to be performed securely...).

mmccool commented 4 years ago

Related to lifecycle discussion, e.g. "maintenance" state. When lifecycle is done in Architecture, we will need to rewrite the lifecycle section in the S&PG document, and when THAT is done, we can close this issue.