Nudging/warnings/prompts for Privacy and Security Considerations sections #539

Closed
npdoty opened this issue Dec 10, 2015 · 6 comments

npdoty commented Dec 10, 2015

(Per prior conversation with @darobin and @wseltzer, I meant to log this in GitHub months ago.)

It would be great if the ReSpec tooling could help prompt or nudge those using it for Web spec development to include a Privacy and Security Considerations section if they haven't already. This could be done either by introducing a warning (that can be turned off), or by creating a section with an issue block or bold text noting the lack of text.

Some issues that have been noted:

  • ReSpec can be used for other documents besides W3C specs, and so this prompt wouldn't make sense in those contexts (so we'd want to limit its applicability somehow)
  • False positives (where a spec does have a good priv/sec considerations section but still gets the warning/prompt) would be frustrating: can we write a good heuristic to guess at the presence of existing sections? I bet this would be feasible.

npdoty commented Dec 10, 2015

Bikeshed has something similar, to introduce a warning if the sections appear to be missing, and specifically and explicitly limits it to W3C groups:
speced/bikeshed@89f5bdc
speced/bikeshed#513
Thanks @mikewest

@marcoscaceres

Great idea. We could warn if missing a section labelled "privacy" or some such.

marcoscaceres added this to the 3.3 milestone Dec 10, 2015

npdoty commented Dec 11, 2015

I'm thinking we should check for having either: both a section with "security" and "considerations" and a section with "privacy" and "considerations"; or: a section with "security", "privacy" and "considerations". Maybe I should do a quick check and see if that would have any false positives for a sample of recently published documents that do have relevant sections.

@mikewest

The check I added to Bikeshed is fairly brain dead, and will cause false
positives. My take on it is that it's reasonable to require explicit
"security considerations" and "privacy considerations", as that will make
it clear for reviewers and readers at a fairly small cost to authors and
editors.

I guess combining them into a single section would be alright as well.
shrug If that's a cowpath you find in your spot checking, I wouldn't mind
paving it with you.

-mike
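The heading heuristic discussed in this thread (separate "security considerations" and "privacy considerations" sections, or one combined section), sketched as an added example that is not ReSpec's or Bikeshed's code. The function names and the `isW3CSpec` / `warnMissingConsiderations` options are assumptions made for illustration, and the sample outlines are constructed.

```javascript
// Added example: hypothetical helper names, not ReSpec or Bikeshed code.
const TOPICS = ["security", "privacy"];

// Split a heading into lowercase words, dropping numbering and punctuation,
// so "7. Security Considerations" and "Security considerations" match alike.
function headingWords(title) {
  return new Set(title.toLowerCase().match(/[a-z]+/g) || []);
}

// Return the topics for which no heading contains both the topic word and
// "considerations". A combined heading covers both topics at once.
function missingConsiderations(headings) {
  const covered = new Set();
  for (const title of headings) {
    const words = headingWords(title);
    if (!words.has("considerations")) continue;
    for (const topic of TOPICS) {
      if (words.has(topic)) covered.add(topic);
    }
  }
  return TOPICS.filter((topic) => !covered.has(topic));
}

// Build warnings only for W3C specs, and only while the warning is enabled.
// Both option names are assumed for this sketch.
function considerationsWarnings(headings, conf = {}) {
  const { isW3CSpec = false, warnMissingConsiderations = true } = conf;
  if (!isW3CSpec || !warnMissingConsiderations) return [];
  return missingConsiderations(headings).map(
    (topic) => `No "${topic} considerations" section found.`
  );
}

// Constructed sample outlines.
const SAMPLES = {
  separate: ["1. Introduction", "7. Security Considerations", "8. Privacy Considerations"],
  combined: ["Introduction", "Security and Privacy Considerations"],
  securityOnly: ["Introduction", "Security considerations", "Privacy"],
  none: ["Introduction", "Conformance"],
};

for (const [name, headings] of Object.entries(SAMPLES)) {
  console.log(name, considerationsWarnings(headings, { isW3CSpec: true }));
}
```

Matching on whole words keeps a heading such as "Privacy" alone from counting, which is the stricter reading suggested in the thread.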

@marcoscaceres

Added this a while ago
