Create security_baseline_sandbox_stage.md #354

Merged: 5 commits, Jul 23, 2024

Danajoyluck
Contributor

No description provided.

Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
@Danajoyluck Danajoyluck requested a review from a team as a code owner July 11, 2024 18:42
Contributor

@sevansdell sevansdell left a comment

I think this is coming along well. There are three places I didn't see information before I'm comfortable approving.

  1. In the goal section, can you describe a bit more about what the SIG will do to evolve the baseline to prepare for LF-wide adoption? (e.g. work with graduated projects to proof of concept the baseline and get feedback). What does "good" look like to know you're done and ready to apply to the rest of the LF?
  2. In the governance section, please clarify the initial governance request (if I remember correctly from the TAC meeting, your request is to initially fall under TAC governance).
  3. URLs. I believe there was some conversation about if the initial repo should be in the TAC, or a separate repo while evaluating the baseline for OpenSSF. In some comments I understood this might evolve when it applies to the rest of the LF. Need to decide and populate initial URLs.

Thanks!

to address feedback from @sevansdell 

Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
@Danajoyluck
Contributor Author

> I think this is coming along well. There are three places I didn't see information before I'm comfortable approving.
>
>   1. In the goal section, can you describe a bit more about what the SIG will do to evolve the baseline to prepare for LF-wide adoption? (e.g. work with graduated projects to proof of concept the baseline and get feedback). What does "good" look like to know you're done and ready to apply to the rest of the LF?
>   2. In the governance section, please clarify the initial governance request (if I remember correctly from the TAC meeting, your request is to initially fall under TAC governance).
>   3. URLs. I believe there was some conversation about if the initial repo should be in the TAC, or a separate repo while evaluating the baseline for OpenSSF. In some comments I understood this might evolve when it applies to the rest of the LF. Need to decide and populate initial URLs.
>
> Thanks!

Thanks a lot, @sevansdell. I updated the document to address questions 1 and 2. I assumed 3 is a comment. Once the SIG is formed, we will have a repo; the URIs and document update process will be sorted out with the TAC.

updated the goal

Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
lehors and others added 2 commits July 13, 2024 13:28
…e.md

Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
added more detail based on discussion with GUAC maintainers to expand the goals of the SIG.

Signed-off-by: Dana Wang <Danajoyluck@users.noreply.github.com>
Contributor

@marcelamelara marcelamelara left a comment

Thanks @Danajoyluck ! This looks good to me!

Contributor

@SecurityCRob SecurityCRob left a comment

The BEST WG voted to adopt Baseline as a SIG

@SecurityCRob SecurityCRob added labels on Jul 18, 2024:

  - documentation: Improvements or additions to documentation
  - TI Lifecycle: Issue/PR related to TIs' lifecycle status. Needs 5 approvals, 10d review.
  - Content: Updates/additions to TAC content/process. Must include a changelog entry. Needs 3 approvals.

Contributor

@mlieberman85 mlieberman85 left a comment

lgtm

Contributor

@sevansdell sevansdell left a comment

Thanks for reviewed changes.

Contributor

@torgo torgo left a comment

lgtm 👍🏻

Contributor

@marcelamelara marcelamelara left a comment

Not sure why my original approval was removed, but I still approve this!

@SecurityCRob SecurityCRob merged commit 9f28023 into main Jul 23, 2024
6 of 7 checks passed
@SecurityCRob SecurityCRob deleted the Danajoyluck-patch-2 branch July 23, 2024 16:06
9 participants