Bikeshed should require security and privacy considerations sections. #513

Closed
mikewest opened this issue Oct 30, 2015 · 5 comments

@mikewest
Contributor

As discussed in https://w3ctag.github.io/security-questionnaire/#considerations, it would be lovely if Bikeshed would fail to compile specifications that don't contain a header labeled "Security Considerations" and a header labeled "Privacy Considerations".

WDYT, @tabatkins?

/cc @npdoty @mnot

@tabatkins
Collaborator

I'm not down with requiring this for all Bikeshedded documents; Bikeshed is used outside the W3C, and can be used for non-spec things (I'm doing so privately), both of which don't need this.

But I am happy to maintain a list of groups that are W3C, and trigger the check/warning whenever a spec is generated for one of those groups.

mikewest added a commit to mikewest/bikeshed that referenced this issue Nov 5, 2015
This patch teaches the metadata manager about groups that belong to the
W3C in one way or another, and throws a warning if a specification
produced by one of those groups neglects to include a "Security
Considerations" or "Privacy Considerations" section.

Closes speced#513.
@mikewest
Contributor Author

mikewest commented Nov 5, 2015

Ok. What do you think about the approach in #514?

mikewest added a commit to mikewest/bikeshed that referenced this issue Nov 11, 2015
This patch teaches the metadata manager about groups that belong to the
W3C in one way or another, and throws a warning if a specification
produced by one of those groups neglects to include a "Security
Considerations" or "Privacy Considerations" section.

Closes speced#513.
@npdoty

npdoty commented Dec 11, 2015

Should we also check for a "Privacy and Security Considerations" section? It seems like some groups are combining them, which seems like a reasonable practice we should support. Or was there a particular reason to prompt for separate sections entitled "Privacy Considerations" and "Security Considerations"?

@mikewest
Contributor Author

I don't have strong feelings about it. I'd be happy to support both in one section if that's a common practice.

@tabatkins
Collaborator

Done.
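
A sketch of the check this thread settles on, as an added example that is not part of the thread and is not Bikeshed's own code: warn only for W3C groups, and accept either two separate headings or one combined "Privacy and Security Considerations" heading. The group names, function names and warning text are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: illustrative group names, not Bikeshed's real list.
W3C_GROUPS = {"csswg", "webappsec", "webapps"}
TOPICS = ("security", "privacy")

class HeadingCollector(HTMLParser):
    """Collects the normalized text of every <h1>..<h6> element."""
    def __init__(self):
        super().__init__()
        self.headings, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if re.fullmatch(r"h[1-6]", tag):
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if re.fullmatch(r"h[1-6]", tag) and self._buf is not None:
            self.headings.append(" ".join("".join(self._buf).split()).lower())
            self._buf = None

def missing_considerations(html, group):
    """Return one warning per topic lacking a "... Considerations" heading."""
    if group.lower() not in W3C_GROUPS:
        return []  # non-W3C and non-spec documents are not checked
    collector = HeadingCollector()
    collector.feed(html)
    collector.close()
    covered = set()
    for heading in collector.headings:
        if "considerations" in heading:
            # A combined "Privacy and Security Considerations" covers both.
            covered.update(t for t in TOPICS if re.search(rf"\b{t}\b", heading))
    return [f'No "{t.title()} Considerations" section found.'
            for t in TOPICS if t not in covered]

# Constructed sample documents.
COMBINED = '<h2><span class="secno">7.</span> Privacy and Security Considerations</h2>'
SECURITY_ONLY = "<h2>Introduction</h2><h2>Security Considerations</h2>"

if __name__ == "__main__":
    for warning in missing_considerations(SECURITY_ONLY, "webappsec"):
        print("WARNING:", warning)
```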
