Update Overview Community Management Guide.mdx#513
Merged
mattaereal merged 23 commits intoJul 8, 2026
Conversation
I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were: 1) Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one." 2) Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end. 3) Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message. ------------------------------------------------------------------------ Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks. This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.
I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were: Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one." Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end. Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message. ------------------------------------------------------------------------ Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks. This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.
I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were: Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one." Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end. Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message. ------------------------------------------------------------------------ Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks. This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.
built with Refined Cloudflare Pages Action⚡ Cloudflare Pages Deployment
|
scode2277
requested changes
Jul 6, 2026
scode2277
left a comment
Collaborator
There was a problem hiding this comment.
I've added some one-click apply needed updates for the build to pass.
scode2277
reviewed
Jul 6, 2026
Collaborator
|
I've applied all the needed changes for the build to run as well as updated all the links to be relative instead of absolute and resolved merging conflicts. This is now ready to review @mattaereal |
scode2277
approved these changes
Jul 6, 2026
6 tasks
NFTDreww
added a commit
to NFTDreww/frameworks
that referenced
this pull request
Jul 7, 2026
Adjusted to fixes called out in security-alliance#513 to flesh with security-alliance#514
Updating fixed to this to address call outs from security-alliance#513 & security-alliance#514
9 tasks
NFTDreww
added a commit
to NFTDreww/frameworks
that referenced
this pull request
Jul 7, 2026
Updating Twitter to address call outs in security-alliance#513 and security-alliance#514
Collaborator
|
After talking with @NFTDreww, we realized this PR is the one with all the content he is contributing in the right format and structure. I've closed #514, #547 and #548 as they had duplicated content. This is ready to go @mattaereal! |
frameworks-volunteer
approved these changes
Jul 8, 2026
frameworks-volunteer
left a comment
Collaborator
There was a problem hiding this comment.
Model: z-ai/glm-5.2 Reasoning: medium Provider: openrouter
Review Summary
Security and QA review complete. Approving.
Security Review
- No hardcoded secrets, tokens, or API keys
- No XSS/injection vectors (MDX content only, no
dangerouslySetInnerHTML,eval, or inline scripts) - No unsafe deserialization or dynamic imports
- All links are internal relative paths to existing framework pages — no external/unknown URLs
- No sensitive data exposure
QA Review
- All CI checks pass (build preview, lint, socket security, sidebar-reminder)
- Contributor
nftdrewwis registered incontributors.json— frontmatter attribution is valid - Internal links verified: all anchors (
#cold-admin-setup,#safety-setup,#automod,#anti-impersonation-bots,#member-screening-setup,#account-security-checklist,#admin-permissions-management,#best-practices-for-safe-use,#1-email-security,#best-practices--additional-tips) resolve to existing headings in the destination guides - Cross-framework links (
/opsec/overview,/awareness/overview,/incident-management/overview) point to existing pages - No leftover debug content, TODO markers, or placeholder text
- Content restructuring aligns with repo conventions (tables, topic indexes, descriptive links)
- scode2277's prior review feedback (relative links, AttributionList import, removing manual ContributeFooter) has been addressed in subsequent commits
Minor Note (non-blocking)
overview.mdxcontributor frontmatter listsghadi8as reviewer — this predates the PR and is unchanged. No action needed for this PR.
No blocking issues. Ready to merge.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I have updated the overall update overview to be more inline with the feedback given over the past few weeks, which were:
Reframe the intro as a wayfinding statement. Instead of opening with a content summary, open with a one- or two-sentence orientation about what community security covers and where to go. Something like: "Community Management security spans several disciplines — each with its own dedicated Framework. Use this page to find the right one."
Convert the best practices section into a visual index. Each of the four sections (2FA/passwords, phishing, OpSec, emergency response) already has a corresponding Framework, so we can turn them into explicit cards or a linked table with the topic, a single descriptive sentence, and the link. This keeps the content without making it feel like a dead end.
Cut the inline detail that lives somewhere else. For example, TOTP configuration advice, the password manager separation rule, and the DM-first policy all belong in the destination frameworks, not here. Keeping it here creates both a maintenance burden for your team and dilutes the "go there for more" message.
------------------------------------------------------------------------ Therefore I was able to make the community manage guides more of the why, what, and how/where? Explaining this information and then leading into the actual frameworks for each that ALL needs to be taken into consideration when talking about community management and it's subsequent guides/frameworks.
This included a complete reformat of this page, that I think addresses all feedback and has a cleaner flow to providing the north star for this section.
Frameworks PR Checklist
Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read information for contributors and take a look at the following checklist:
vocs.config.tsadding thedev: trueparameter