New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bikeshed should require security and privacy considerations sections. #513
Comments
I'm not down with requiring this for all Bikeshedded documents; Bikeshed is used outside the W3C, and can be used for non-spec things (I'm doing so privately), both of which don't need this. But I am happy to maintain a list of groups that are W3C, and trigger the check/warning whenever a spec is generated for one of those groups. |
This patch teaches the metadata manager about groups that belong to the W3C in one way or another, and throws a warning if a specification produced by one of those groups neglects to include a "Security Considerations" or "Privacy Considerations" section. Closes speced#513.
Ok. What do you think about the approach in #514? |
This patch teaches the metadata manager about groups that belong to the W3C in one way or another, and throws a warning if a specification produced by one of those groups neglects to include a "Security Considerations" or "Privacy Considerations" section. Closes speced#513.
This patch teaches the metadata manager about groups that belong to the W3C in one way or another, and throws a warning if a specification produced by one of those groups neglects to include a "Security Considerations" or "Privacy Considerations" section. Closes speced#513.
Should we also check for a "Privacy and Security Considerations" section? It seems like some groups are combining them, which seems like a reasonable practice we should support. Or was there a particular reason to prompt for separate sections entitled "Privacy Considerations" and "Security Considerations"? |
I don't have strong feelings about it. I'd be happy to support both in one section if that's a common practice. |
Done. |
As discussed in https://w3ctag.github.io/security-questionnaire/#considerations, it would be lovely if Bikeshed would fail to compile specifications that don't contain a header labeled "Security Considerations" and a header labeled "Privacy Considerations".
WDYT, @tabatkins?
/cc @npdoty @mnot
The text was updated successfully, but these errors were encountered: