Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs on available tools and when to use them #25

Open
vakaras opened this issue Jan 14, 2019 · 10 comments
Open

Docs on available tools and when to use them #25

vakaras opened this issue Jan 14, 2019 · 10 comments

Comments

@vakaras
Copy link

vakaras commented Jan 14, 2019

It seems that most issues on this repository are about improving tooling. However, I think that it is also important to teach the community how to use these tools efficiently. Are there any plans to prepare documentation that introduces in a single place the tools available, explains when they should be used, and at least links to the documentation on how to use them? Maybe, it would be good to explain not only how to use specific tools, but also have links to more generic tutorials such as this one on fuzzing?

@Shnatsel
Copy link
Member

I am very hopeful about something like Clippy containing knowledge on anti-patterns instead of a guide. Simply because nobody cares about a guide, while clippy is right there.

However, high-visibility info on proper processes and available tooling would be great. For example, cargo-asm is something a lot of people want but many do not discover. I didn't back in the day. There's a Rust 2019 goals post calling for writing exactly cargo-asm.

But there is definitely room for other resources, such as Rust Fuzz Book and perhaps an "optimizing without unsafe" guide.

@Shnatsel Shnatsel changed the title Teaching Safe Programming Docs on available tools and when to use them Jan 14, 2019
@DevQps
Copy link
Contributor

DevQps commented Mar 17, 2019

@vakaras I currently created an issue with all the security related project and tools here: #30 . However we're still trying to find a good place on where to publish this list. We should probably add some rationale on what each project does and why it is useful as well. EDIT: If you have any idea's let us know :)

@vakaras
Copy link
Author

vakaras commented Mar 18, 2019

@DevQps Thank you for compiling this list. I think it is a really nice starting point from which at some point we could try to build a “security cookbook”.

@DevQps
Copy link
Contributor

DevQps commented Mar 18, 2019

@vakaras I think so as well! It might be nice to also have a list of relevant articles / pre-RFCs. The only question that remains is: Where to publish them? It would be nice if newcomers do not have to spend too much time looking for a list like this. You have any idea's where we could put this?

One option would be to add a new file to our repository and put a link in the README? Or would that bloat the README?

@vakaras
Copy link
Author

vakaras commented Mar 19, 2019

Currently, the README contains the goals that this working group wants to achieve. However, I think it would be good to have some information in the README about how this group is moving towards these goals (if I understood correctly, that was your idea in #31?). Maybe there we could also give a link to the list of tools?

@DevQps
Copy link
Contributor

DevQps commented Mar 20, 2019

@vakaras That was the general idea of #31 indeed! But I currently only listed the work items, and it feels like it would be a bit too unclear for a beginner. Some information about how we move forward to the goals in a more general sense would be nicer I think! Do you have any suggestions on how to approach this?

I can make a PR that adds a README link to the projects (I will create a separate document for that then). With a bit of luck I will be able to do that tomorrow or this evening if you think that's a good idea!

@vakaras
Copy link
Author

vakaras commented Mar 23, 2019

@DevQps Sorry, for the late reply. I have missed your message.

But I currently only listed the work items, and it feels like it would be a bit too unclear for a beginner.

Yes, also I am not sure if it would not be better to have a label for each goal and simply add a link to each goal that shows all issues tagged with the corresponding label.

Do you have any suggestions on how to approach this?

Not really. Maybe, we could elaborate each goal a little bit to make it clearer what is meant?

I can make a PR that adds a README link to the projects (I will create a separate document for that then).

To me personally that sounds like a good idea. Of course it would be good hear also from others.

@DevQps
Copy link
Contributor

DevQps commented Mar 23, 2019

@Shnatsel

@DevQps Sorry, for the late reply. I have missed your message.

But I currently only listed the work items, and it feels like it would be a bit too unclear for a beginner.

Yes, also I am not sure if it would not be better to have a label for each goal and simply add a link to each goal that shows all issues tagged with the corresponding label.

Do you have any suggestions on how to approach this?

Not really. Maybe, we could elaborate each goal a little bit to make it clearer what is meant?

I can make a PR that adds a README link to the projects (I will create a separate document for that then).

To me personally that sounds like a good idea. Of course it would be good hear also from others.

@vakaras Thanks for your reply. I wonder: @Shnatsel What do you think about this?

@Shnatsel
Copy link
Member

https://github.com/rust-secure-code/rustsec-projects is the first stab at this, thanks to @DevQps

@DevQps
Copy link
Contributor

DevQps commented Apr 22, 2019

@Shnatsel I think we can close this one now right!

EDIT: Unless @vakaras feels like we should add some other kind of things, like tutorials and stuff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants