Create security_baseline_sandbox_stage.md #354
Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
I think this is coming along well. There are three places I didn't see information before I'm comfortable approving.
- In the goal section, can you describe a bit more about what the SIG will do to evolve the baseline to prepare for LF wide adoption? (e.g. work with graduated projects to proof of concept the baseline and get feedback). What does "good" look like to know you're done and ready to apply to rest of LF?
- In the governance section, please clarify the initial governance request (if I remember correctly from the TAC meeting your request is to initially fall under TAC governance).
- URLs. I believe there was some conversation about if the initial repo should be in the TAC, or a separate repo while evaluating the baseline for OpenSSF. In some comments I understood this might evolve when it applies to the rest of the LF. Need to decide and populate initial URLs.
Thanks!
to address feedback from @sevansdell Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
Thanks a lot @sevansdell, I updated the document to address questions 1 and 2. I assumed 3 is a comment. Once the SIG is formed, we will have a repo; the URIs and document update process will be sorted out with TAC.
updated the goal Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
process/sig-lifecycle-documents/security_baseline_sandbox_stage.md
…e.md Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
added more detail based on discussion with GUAC maintainers to expand the goals of the SIG. Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
Thanks @Danajoyluck ! This looks good to me!
The BEST WG voted to adopt Baseline as a SIG
lgtm
Thanks for reviewed changes.
lgtm 👍🏻
Not sure why my original approval was removed, but I still approve this!