Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement] SMK24 - Check if time limits are consistent #17

Closed
shanecoughlan opened this issue Nov 16, 2022 · 4 comments
Closed

[Improvement] SMK24 - Check if time limits are consistent #17

shanecoughlan opened this issue Nov 16, 2022 · 4 comments

Comments

@shanecoughlan
Copy link
Contributor

SMK24: 3.4.2.1: The 18m time limit is now consistent with the range of time limits given in 3.4.2.
@shanecoughlan shanecoughlan mentioned this issue Nov 16, 2022
Closed
@shanecoughlan
Copy link
Contributor Author

Potential issue in 3.4.2 verification materials vs main requirement in 3.4.2

@shanecoughlan
Copy link
Contributor Author

As per call 2023-10-17, take language from Licensing 2.1:

==

A program that is OpenChain conformant with this version of the specification shall last 18 months from the date conformance validation was obtained. The conformance validation registration procedure can be found on the OpenChain project's website.

3.6.2.1 - A document affirming the program meets all the requirements of this security specification, within the past 18 months of obtaining conformance validation.

==

ADJUSTED FOR BOTH SPECS with rationale that reference material (how to validate conformance) should be clearly non-prescriptive because it is a "how" item that may vary across industries:

==

A program that is OpenChain conformant with this version of the specification shall last 18 months from the date conformance validation was obtained.

3.6.2.1 - A document affirming the program meets all the requirements of this specification, within the past 18 months of obtaining conformance validation.

==

A CONSIDERATION item is whether we should we "A document affirming the program meets all the requirements of this specification, within the past 18 months of obtaining conformance validation." or "A document affirming the program meets all the requirements of this [security][licensing] specification, within the past 18 months of obtaining conformance validation." Perhaps the former is easier and clearer. Included in this revision for that reason.

A TODO item is to create better conformance validation information in the FAQ.

@shanecoughlan shanecoughlan mentioned this issue Oct 17, 2023
Closed
@shanecoughlan
Copy link
Contributor Author

Adjustment due to numbering difference between Licensing and Security Spec. Security Spec will look as follows:

A program that is OpenChain conformant with this version of the specification shall last 18 months from the date conformance validation was obtained.

3.4.2.1 - A document affirming the program meets all the requirements of this specification, within the past 18 months of obtaining conformance validation.

@shanecoughlan shanecoughlan reopened this Oct 17, 2023
shanecoughlan added a commit that referenced this issue Oct 17, 2023
@shanecoughlan
Update openchain-security-specification-2.0.md
ce6a660 
As per call 2023-10-17 addressed via this issue:
#17
@shanecoughlan
Copy link
Contributor Author

Addressed here:
ce6a660

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shanecoughlan