-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check for Separate Security and Privacy sections #1346
Comments
The documentation for pubrules at https://www.w3.org/pubrules/doc/rules/?profile=WD#securityAndPrivacy still says they can be a single section. The mockups that @plehegar circulated in 2021-08 still have both as a single section. @equalsJeffH ran into the Bikeshed change at w3c/webappsec-credential-management#186, but we can't find an authoritative statement that the rule has actually changed. Where's that supposed to live? |
Indeed, I'm not seeing a clear statement that the paragraphs must be separated. @plehegar what's your take on this? Depending on your answer, I can take care of updating pubrules. |
The TAG and the PING have made that request here: I have been filing issues but not blocking specs for having the sections combined, but having the tools do the check would be grand. |
There has not been a rule change. I'm fine with a warning but making it a requirement would be a different discussion. |
If people are happy to publish documents for review on /TR and then immediately get tripped up by
then okay to close this, I guess. |
I think the actual requirements and the documents from the horizontal review groups should be consistent. If the PING doesn't want to push its request through to the requirements, it shouldn't ask for it in the intake form. |
PING chairs and team don't feel that pubrules should enforce a requirement that the sections be separated. The documentation recommends separating the sections to make it less likely that spec authors will neglect privacy-specific consideration. We encourage those starting new spec development to write separate sections, but don't insist that editors change existing specs. |
I appreciate the desire for consistency. As wseltzer says, we also want to minimize friction, so while we're asking existing specs to split the sections, we aren't strictly requiring it for now. We have, however, been adding this requirement to WG charters as the groups come up for rechartering. So there is a requirement for many groups in their charters. Soon it will be all[footnote] groups. [footnote] Except, possibly, for one WG, which is trying to be special. |
On Mon, Jan 31, 2022 at 8:59 AM Samuel Weiler ***@***.***> wrote:
so while we're asking existing specs to split the sections, we aren't
strictly requiring it for now.
Well, fwiw, it was "strictly required" for the Credential Management spec:
until we split the Sec & Priv sections in Credential Management, we were
not allowed by the w3c tool chain to update the editors' draft (see
w3c/webappsec-credential-management#186).
… Message ID: ***@***.***>
|
It has been common to have a single section for this, for example:
This is no longer allowed. The horizontal review guidelines mentions separate Security Considerations and Privacy Considerations sections.
Furthermore, the issue template for Privacy review states:
which is an annoying thing to discover, the day you publish a CRD to start on wide review, given that pubrules give no complaint for this.
The text was updated successfully, but these errors were encountered: