Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create security_baseline_sandbox_stage.md #354

Merged
merged 5 commits into from
Jul 23, 2024
Merged

Create security_baseline_sandbox_stage.md #354

merged 5 commits into from
Jul 23, 2024

Conversation

Danajoyluck
Copy link
Contributor

No description provided.

@Danajoyluck Danajoyluck requested a review from a team as a code owner July 11, 2024 18:42
sevansdell
sevansdell requested changes Jul 11, 2024
View reviewed changes
Copy link
Contributor

@sevansdell sevansdell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is coming along well. There are three places I didn't see information before I'm comfortable approving.

  1. In the goal section, can you describe a bit more about what the SIG will do to evolve the baseline to prepare for LF wide adoption? (e.g. work with graduated projects to proof of concept the baseline and get feedback). What does "good" look like to know you're done and ready to apply to rest of LF?
  2. in the governance section, please clarify the initial governance request (if I remember correctly from the TAC meeting your request is to initially fall under TAC governance.
  3. URLS. I believe there was some conversation about if the initial repo should be in the TAC, or a separate repo while evaluating the baseline for OpenSSF. In some comments I understood this might evolve when it applies to the rest of the LF. Need to decide and populate initial URLs.

Thanks!

@Danajoyluck
Update security_baseline_sandbox_stage.md
d563c44 
to address feedback from @sevansdell 

Signed-off-by: Dana Wang <[email protected]>
@Danajoyluck
Copy link
Contributor Author

I think this is coming along well. There are three places I didn't see information before I'm comfortable approving.

  1. In the goal section, can you describe a bit more about what the SIG will do to evolve the baseline to prepare for LF wide adoption? (e.g. work with graduated projects to proof of concept the baseline and get feedback). What does "good" look like to know you're done and ready to apply to rest of LF?
  2. in the governance section, please clarify the initial governance request (if I remember correctly from the TAC meeting your request is to initially fall under TAC governance.
  3. URLS. I believe there was some conversation about if the initial repo should be in the TAC, or a separate repo while evaluating the baseline for OpenSSF. In some comments I understood this might evolve when it applies to the rest of the LF. Need to decide and populate initial URLs.

Thanks!

Thanks a lot @sevansdell I updated the document to address question 1 and 2. I assumed 3 is comment. Once the SIG is formed, we will have a repo, the URIs and document update process will be sorted out with TAC

@Danajoyluck
Update security_baseline_sandbox_stage.md
d0bf83b 
updated the goal

Signed-off-by: Dana Wang <[email protected]>
lehors and others added 2 commits July 13, 2024 13:28
@lehors
Update process/sig-lifecycle-documents/security_baseline_sandbox_stag…
dad64c8 
…e.md

Signed-off-by: Arnaud J Le Hors <[email protected]>
@Danajoyluck
Update security_baseline_sandbox_stage.md goals
05ff0ed 
added more detailed based on discussion with GUAC maintainers to expand the goals of the SIG.

Signed-off-by: Dana Wang <[email protected]>
marcelamelara
marcelamelara approved these changes Jul 17, 2024
View reviewed changes
Copy link
Contributor

@marcelamelara marcelamelara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Danajoyluck ! This looks good to me!

SecurityCRob
SecurityCRob approved these changes Jul 18, 2024
View reviewed changes
Copy link
Contributor

@SecurityCRob SecurityCRob left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The BEST WG voted to adopt Baseline as a SIG

@SecurityCRob SecurityCRob added documentation Improvements or additions to documentation TI Lifecycle Issue/PR related to TIs' lifecycle status. Needs 5 approvals, 10d review. Content Updates/additions to TAC content/process. Must include a changelog entry. Needs 3 approvals. labels Jul 18, 2024
mlieberman85
mlieberman85 approved these changes Jul 23, 2024
View reviewed changes
Copy link
Contributor

@mlieberman85 mlieberman85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

sevansdell
sevansdell approved these changes Jul 23, 2024
View reviewed changes
Copy link
Contributor

@sevansdell sevansdell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reviewed changes.

torgo
torgo approved these changes Jul 23, 2024
View reviewed changes
Copy link
Contributor

@torgo torgo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 👍🏻

marcelamelara
marcelamelara approved these changes Jul 23, 2024
View reviewed changes
Copy link
Contributor

@marcelamelara marcelamelara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why my original approval was removed, but I still approve this!

@SecurityCRob SecurityCRob merged commit 9f28023 into main Jul 23, 2024
6 of 7 checks passed
@SecurityCRob SecurityCRob deleted the Danajoyluck-patch-2 branch July 23, 2024 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sevansdell sevansdell sevansdell approved these changes

@camaleon2016 camaleon2016 camaleon2016 approved these changes

@marcelamelara marcelamelara marcelamelara approved these changes

@SecurityCRob SecurityCRob SecurityCRob approved these changes

@mlieberman85 mlieberman85 mlieberman85 approved these changes

@torgo torgo torgo approved these changes

@steiza steiza steiza approved these changes

@lehors lehors Awaiting requested review from lehors

Assignees
No one assigned
Labels
Content Updates/additions to TAC content/process. Must include a changelog entry. Needs 3 approvals. documentation Improvements or additions to documentation TI Lifecycle Issue/PR related to TIs' lifecycle status. Needs 5 approvals, 10d review.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@Danajoyluck @steiza @torgo @mlieberman85 @lehors @SecurityCRob @marcelamelara @camaleon2016 @sevansdell