Posted to dev@pulsar.apache.org by Michael Marshall <mm...@apache.org> on 2022/02/25 20:21:59 UTC

[DISCUSS] Location of Security Page on Website

Hi Pulsar Community,

I recently contributed a "Security Policy and Supported Versions" page
to our website [0]. I just noticed that it is not yet showing up on
the website because it is in the versioned section of the
documentation. I think it would make sense to move this page location
so that it is not versioned, since its content is independent of the
Pulsar version, but I'm not sure where it should go.

Is there a good place we can put the page? I could see adding a button
in the "Community" drop-down tab at the top of the page. I could also
see adding a "Security" tab in the top bar. I am open to suggestions.

My main priority is that users should be able to easily discover this
important content.

Thanks,
Michael

[0] https://github.com/apache/pulsar/pull/10829

Re: [DISCUSS] Location of Security Page on Website

Posted by Michael Marshall <mm...@apache.org>.
Thanks for your reply, Yu.

I am fine with separating the information in the "Security Policy and
Supported Versions" page.

First, I think it would make sense to add "reporting a vulnerability"
information anywhere that our documentation has contact info (many of
the pages you reference have their security contact info in the
contact section). I submitted a PR for this here [0]. We can also have
this information on the "Contribution" page.

Apache Spark's website is another one we could consider. Their website
has their versioning policy information under a "Developers" tab at
the top of the website [2]. That tab also has a security page that
includes previous CVEs and information on how to report a
vulnerability. I am not sure that we need a "developers" tab, but I
like the idea of having dedicated pages for security and for
versioning policy. Both pages will have important information that
users should be able to easily find.

> 2.4 Move the "Versioning Policy" and "Supported Versions" sections to the
> "PIP 47: Time Based Release Plan" page [7] since they are more relevant.

I think all of this information (including the PIP 47 information)
should live on the website, not on the GitHub wiki. I would prefer to
have a "Release Plan" that is independent from a single PIP so that it
can be easier to make updates to the release plan, as needed. Notice
that the Apache Spark website's Versioning Policy page also has a
section for "Release Cadence". My preference is to add a new button
somewhere (it could be in the "Community" drop-down or in another one)
that has buttons for our "Versioning Policy" and for our "Release
Process".

Thanks,
Michael

[0] https://github.com/apache/pulsar/pull/14610
[1] https://spark.apache.org/versioning-policy.html





Re: [DISCUSS] Location of Security Page on Website

Posted by Yu <li...@apache.org>.
Hi Michael,

Thanks for your contribution!

1. "Security Policy and Supported Versions" is shown on the Pulsar website
[1]
1.1 It is in "master" (site2/docs) rather than a versioned section.
1.2 Some contents are not shown correctly. It is strongly recommended to
RUN A LOCAL PREVIEW BEFORE SUBMITTING DOCS [2].

2. As for the place, it makes more sense to separate the whole page into
several places because each of them belongs to different parts, so my
suggestions are:

2.1 If we want to improve "security" visibility:
2.1.1 Create an independent page named "Project info" under the "Community"
page.
2.1.2 Create a "Security" section on the "Project info" page and add
security-related info.
2.1.3 Move less frequently used items (e.g. Contact, Coding guide, Twitter,
Wiki, Issue tracking, Resources, Team) under the "Project info" page. Leave
"Contributing" and "Pulsar Summit" under the "Community" drop-down list.

2.2 Move the "Reporting a Vulnerability" section to the "Contribution"
guide [3] since it instructs users how to make a contribution.
Similar cases: Cassandra [4], RabbitMQ [5], Trino [6].

2.3 Remove the "Using Pulsar's Security Features" section since it does not
provide additional info (or move this section elsewhere).

2.4 Move the "Versioning Policy" and "Supported Versions" sections to the
"PIP 47: Time Based Release Plan" page [7] since they are more relevant.
Besides, we're considering improving the Pulsar release note page [8]; it
is possible to add explanations for "release naming" [9] (somehow = the
"Versioning Policy" section) there later.

[1]
https://pulsar.apache.org/docs/en/next/security-policy-and-supported-versions/
[2] https://github.com/apache/pulsar/tree/master/site2#website
[3] https://pulsar.apache.org/en/contributing/
[4] https://cassandra.apache.org/_/community.html#how-to-contribute
[5] https://www.rabbitmq.com/#community
[6] https://trino.io/community.html
[7] https://github.com/apache/pulsar/wiki/PIP-47%3A-Time-Based-Release-Plan
[8]
https://docs.google.com/document/d/1mYCzS1ffssPP-WUKsfXprWzqu-7DD7c6yTyq3VIRUZg/edit#heading=h.x59j1xzdb0kz
[9] https://www.cockroachlabs.com/docs/releases/index.html#release-naming

