
theupdateframework.io's People

Contributors

axelsimon, h4l0gen, jhdalek55, joshuagl, justincappos, lucperkins, lukpueh, marcwickenden, mnm678, shurup, trishankatdatadog, udf2457


theupdateframework.io's Issues

Clarity needed in relation to Snapshot role and online vs offline

At the moment, the website can't seem to make its mind up as to whether Snapshot role keys should be online or offline.

Really someone needs to decide once and for all and stick to it, instead of all this conflicting wording.

If we consider the Specification as the ultimate source of truth, then we are told:

All keys, except those for the timestamp and mirrors roles, should be stored securely offline

content/metadata.md seems to agree:

so that the Snapshot role's keys can be kept offline, and thus more secure

So far so good. But the FAQ content/faq.md is where you have the bouncing around. On one page we are told two different things...

Three places state online:

even sharing online keys (e.g., between the Timestamp and Snapshot roles)

In contrast, the Snapshot role is updated often, signed with an online key

The Timestamp and Snapshot roles can use online keys

And then we have a suggestion of offline for Snapshot:

separate keys should be used so that the Snapshot role’s keys can be kept offline, and thus in a more secure manner.

If we assume the Specification reflects the TUF design decision, then the rest of the website should be consistent.

Blog posts about TUF need to be added to the homepage

Blog posts about TUF need to be added to the homepage. Went through the first five pages of a Google search and found quite a few blog posts; some of them are really good. Title and links to the blog posts below (mine included):

Set hardening headers

For TUF to complete the requirements using https://theupdateframework.io/ for the CII Best Practices Gold badge, it must include certain hardening headers. They are:

  • Content Security Policy (CSP)
  • HTTP Strict Transport Security (already set)
  • X-Content-Type-Options (as "nosniff")
  • X-Frame-Options

I'm looking at the headers using https://securityheaders.com/?q=https%3A%2F%2Ftheupdateframework.io&followRedirects=on and the requirements for the gold badge criteria can be found at https://bestpractices.coreinfrastructure.org/en/projects/1351?criteria_level=2#hardened_site.

Add CONTRIBUTING.md file to the repository

Description:

To enhance the contribution process and provide clear guidelines for new and existing contributors, we need to add a CONTRIBUTING.md file to the theupdateframework.io repository. This file will outline the steps for contributing, the code of conduct, how to report issues, and how to submit pull requests.

Update Required for README on theupdateframework.io

Description:

The current README on theupdateframework.io is outdated and does not have any content. This can lead to confusion and misalignment for users and contributors who rely on accurate documentation.

Add Social Media Icons to Website Footer

Description:

Enhance the website footer by adding social media icons and links for improved engagement and community interaction.

Icons to Add:

  • GitHub Icon: Linked to your GitHub profile or repository.
  • Slack Icon: Linked to the CNCF Slack workspace or your project's Slack channel.
  • Twitter Icon: Linked to your Twitter profile.
  • Mailing List Icon: Linked to your project's mailing list signup page.

Benefits:

  • Improved Visibility: Icons make it easier for visitors to connect with your project on different platforms.
  • Enhanced Engagement: Direct links encourage visitors to explore and engage with your project's community and updates.

[Screenshot: TUF website]

Add contributors page

theupdateframework/python-tuf#1807 removes the unmaintained AUTHORS.txt, because it fits better within the scope of the wider TUF project; that is, not all organizations and individuals listed in the document are/were affiliated with python-tuf.

We should re-add an up-to-date TUF authors/contributors document either to the website or to a project-wide repository (e.g. github.com/theupdateframework/community <- does not exist yet) to acknowledge the efforts of our contributors.

@joshuagl suggests auto-generating the document from git commits (of which repo?).

Sync with #37

Add Newsletter Section to theupdateframework.io

Description:

We propose adding a newsletter section to theupdateframework.io to enhance community engagement and communication. This newsletter will serve as a valuable resource for subscribers, providing updates, announcements, and insights related to The Update Framework (TUF).

Benefits:

  • Improved Communication: A newsletter will facilitate regular communication with the community, keeping them informed about project updates, events, and relevant news.

  • Community Engagement: Subscribers can stay engaged with TUF developments, contributing to a vibrant and active community.

  • Information Dissemination: The newsletter will be a platform to share important information, best practices, and resources related to TUF, promoting knowledge sharing.

  • Outreach and Promotion: The newsletter can also serve as a tool for outreach and promotion, attracting new contributors, users, and supporters to the TUF ecosystem.
