Expanding security assessment facilitator role definition. #815
Conversation
Various edits to appease the `mdl` linter. Enforcing some style changes (i.e. common indentation and trailing period literals in unordered lists, etc.).
IAXES
requested review from
achetal01,
anvega,
ashutosh-narkar,
dshaw,
JustinCappos,
lumjjb,
pragashj,
TheFoxAtWork and
ultrasaurus
as code owners
|
This was the minimum I could get the linter down to. We'd need a prescribed/pre-created Edit: all good now. Also, found the linter configuration. |
IAXES
changed the title
Signed-off-by: Matthew Giassa <matthew@giassa.net>
… github.com:IAXES/tag-security into feature-add-sec-assessment-facilitator-role-details Signed-off-by: Matthew Giassa <matthew@giassa.net>
|
Amended most recent commit to include signature. |
|
Updated as per feedback. |
|
I think it is very important not to repeat information that exists elsewhere, but rather link it. For example: soft/hard conflicts are presented here: https://github.com/cncf/tag-security/blob/main/assessments/guide/security-reviewer.md (I think that's a good place for them, though would be open to moving rather than copying if the community feels strongly that this information belongs in governance. If so, consider a small, specific "conflict of interest" doc that can be linked to from both places.) |
|
Note: this is very hard to review because of all the formatting changes included with (maybe?) substantive changes. Please make clear in the description what expansion of the role you are including, whether this is a proposed change in actual practice or an expanded narrative of what was originally written. This is critical for anything in |
I'll do a 2-pass approach in the future (i.e. linter + cosmetic changes first round; substantive/major changes in a follow-up). The change is centered around the "Security review facilitator" / "Security Assessment Facilitator" section. The other changes through the document were just style updates and refactoring the table-of-contents at the top. |
The existing location (i.e. |
|
Hi @IAXES just checking in if you've had some time to take a look at the comments! |
Yep: reviewing now. :) |
✅ Deploy Preview for tag-security ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
…details Signed-off-by: Andres Vega <av@monkey.org>
Changes to sentence case in toc Reworded most responsible to primary individual responsible in making progress in the assessment process with support of reviewers
| of at least two Chairs). | ||
| 4. The issue is updated with the assignment of the project lead as "assignee" | ||
| alongside the TAG Leadership member. | ||
| 5. Project Leads will be given the OWNER role of the directory or sub-directory |
There was a problem hiding this comment.
is this technically possible? I don't believe you can do this in github today? Someone can clarify? @PushkarJ had a bunch of cool github gizmos he implemented through the bot though, so maybe that's possible?
There was a problem hiding this comment.
It's possible. This was a hindrance when I was the assessed rather than the assessor. We can accomplish so today by declaring ownership of directories or files in CODEOWNERS: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#example-of-a-codeowners-file
|
I m good with the changes...Thank You IAXES for all the hard work in updating the document. |
|
Nudge @sublimino |
|
One typo fix suggested, then LGTM too |
Co-authored-by: Andrew Martin <sublimino@gmail.com> Signed-off-by: Justin Cappos <justincappos@gmail.com>
|
This issue has been automatically marked as inactive because it has not had recent activity. |
…details Signed-off-by: Andrés Vega <av@messier42.com>
mdllinter.trailing period literals in unordered lists, etc.).
rendered at the top of the document.