Accessing sensitive information policy #25
e1702c4 to 9095478
We only seem to have the tables as an ods file in this PR - not the actual policy itself. Is an ods file the best format for publishing the tables? I wonder if it would be better done in markdown? Also should we hold the table in general-policies, or should that be held elsewhere?
There are two sheets in there, SIT and SIAT... If I understand correctly, SIT is some start of a policy, while SIAT is more of an information table that shows the details. Is that about right, @TamaraDale? Regarding the format, our Policy on Proposing General Policy Changes is quite clear, at least regarding policies: "Each policy is placed in an individual file in Markdown format in the policies subdirectory." Informational tables haven't been thought of, at least to have here, so we haven't said much about their format... but yeah, they should be in a different directory.
The SIT is what information we have, and the SIAT is who is allowed to access it.
I was comparing this to the platform policy. Previous discussions on this were that the policy itself would be in general-policies (when it is eventually moved there), but the table of platforms would be maintained outside of the general-policies repo because it's not considered part of the policy itself and changes much more frequently. I was applying that same logic to this and wondering whether there is a distinction between the policy which we assume to be relatively long term stable - and the tables which might be expected to change more frequently.
Hi Guys
SIT & SIAT are both information tables, I kept them separate from the
Policy so it would be easier to update them rather than having to go
through a full Policy approval each time we needed to adjust or add an
item (eg new role, new type of sensitive information). SIT however,
could be included in the Policy as it's less likely to be updated as
often as SIAT but I'll leave you guys to decide that.
It can be in any format though tables are usually easier to maintain in
a spreadsheet but happy to change it if you prefer something else.
Thanks
Tam
On 20/07/2022 11:33 pm, Richard Levitte wrote:
There are two sheets in there, SIT and SIAT... If I understand
correctly, SIT is some start of a policy, while SIAT is more of an
information table that shows the details. Is that about right,
@TamaraDale <https://github.com/TamaraDale>?
Regarding the format, our Policy on Proposing General Policy Changes
<https://github.com/openssl/general-policies/blob/master/policies/policy-change-process.md>
is quite clear, at least regarding policies:
"Each policy is placed in an individual file in Markdown format in the
policies subdirectory."
Informational tables haven't been thought of, at least to have here,
so we haven't said much about their format... but yeah, they should be
in a different directory.
--
Tam Dale
Business Operations Administrator
I'd prefer the tables to be converted to markdown - but I could accept them as they are.
In the SIAT the entry for System Administrator seems incomplete: "Passwords for"
@@ -0,0 +1,13 @@ | |||
| **Sensitive Information Access Table** | | |
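Review bot: The first added line carries the document title as a bold cell in a table row ("**Sensitive Information Access Table**" followed by an empty cell), so the title becomes part of the table instead of a heading. Suggest making it a Markdown heading above the table so it shows up in the rendered outline and the policy can link to it directly.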
I thought these were going into a new folder one level up. Attachments/schedule/data/whatever.
How about a new folder in the general-policies folder called
"policy-tables"?
If you're happy with that I'll create & move them there.
Thanks
Tam
…On 30/09/2022 10:45 am, Pauli wrote:
***@***.**** commented on this pull request.
------------------------------------------------------------------------
In policies/AccessSensitiveInfoPolicy_SIAT.md
<#25 (comment)>:
> @@ -0,0 +1,13 @@
+| **Sensitive Information Access Table** | |
I thought these were going into a new folder one level up.
Attachments/schedule/data/whatever.
Sounds fine, although it might be better to use something more generic in case other policies need to reference things that aren't tables. Still, the name can be changed later easily enough.
Could do policy-supplemental as folder instead?
Thanks
T
…On 30/09/2022 2:28 pm, Pauli wrote:
Sounds fine, although it might be better to use something more generic
in case other policies need to reference things that aren't tables.
Still, the name can be changed later easily enough.
Yep, or even just supplemental since this is the general-policy repository.
@@ -0,0 +1,13 @@ | |||
| **Sensitive Information Access Table** | | |
Make this a header:
Sensitive Information Access Table
==================================
i.e.
918c861 to b8b8521
Also including related tables for review
5a1674c to 71db0cd
71db0cd to 2c18212
Vote: Accept the accessing sensitive information policy as of 2894caf
Pauli: [+1]
Vote: [+1]
Vote: 0
Vote [+1] There is stuff I would handle differently - but we need to start somewhere ...
voting +1
vote: [0]