V14.2.2 is partly duplicate with V2.5.4 #880
Comments
|
+1 good call
…--
Jim Manico
@manicode
On Dec 9, 2020, at 3:08 AM, Elar Lang ***@***.***> wrote:
14.2.2
V14.2.2 Verify that all unneeded features, documentation, samples, configurations are removed, such as sample applications, platform documentation**, and default or example users. **
Last part of the requirement is covered by V2.5.4 requirement:
V2.5.4 Verify shared or default accounts are not present (e.g. "root", "admin", or "sa").
Recommendation:
V14.2.2 Verify that all unneeded features, documentation, samples, configurations are removed, such as sample applications and platform documentation
If needed, add "example account" to V2.5.4 requirement:
V2.5.4 Verify shared, default or example accounts are not present (e.g. "root", "admin", or "sa").
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
Proposal:
Is there need to finetune V2.5.4 as well or it can stay like it is at the moment? |
|
A polite suggestion: can we change "samples" to "test code" and remove
some of the redundancy? Perhaps..
V14.2.2 Verify that all unneeded features, documentation, configurations
and test code are removed.
Nice and clear.
- Jim
On 1/4/21 5:51 AM, Elar Lang wrote:
Proposal:
* V14.2.2 Verify that all unneeded features, documentation, samples,
configurations are removed, such as sample applications, platform
documentation.
Is there need to finetune V2.5.4 as well or it can stay like it is at
the moment?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#880 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEBYCLCMRA3CXPYP74RY4LSYHPZHANCNFSM4UTOZQ7A>.
--
Jim Manico
Manicode Security
https://www.manicode.com
|
|
I would say "samples" and "test code" are different things and this requirement targets "samples" (or examples), demo pages etc. "test code" matches well with automated tests, and it may be confusing from this point of view. |
|
I usually do not deploy test code to a production server that serves up
the actual application, I keep that on my DevOps server or similar. This
concept, admittedly, has changed in the DevOps era - but the point is, I
do not need test code on a production web or API server for the
application to work, and test code sometimes has negative consequences -
especially data driven unit tests.
"samples" does not seem descriptive enough, it's not a formal
engineering term. Maybe "proof of concept"?
- Jim
I would say "samples" and "test code" are different things and this
requirement targets "samples" (or examples), demo pages etc.
"test code" matches well with automated tests, and I may be confusing
from this point of view.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#880 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEBYCNHDIDHLHNEGBNE7S3SYH6RPANCNFSM4UTOZQ7A>.
--
Jim Manico
Manicode Security
https://www.manicode.com
|
|
"Verify that production environment codes does not have test code." or something like that I would keep as new and separate requirement (opened separate issue #894 ). Why:
|
|
+1 That seems reasonable.
Can we still find a way to improve on the term "samples" maybe "demo
code" instead? Sample of what? Sample of my cooking (which is great)?
- Jim
On 1/4/21 8:07 AM, Elar Lang wrote:
"Verify that production environment codes does not have test code." or
something like that I would keep as new and separate requirement.
Why:
* current requirement (V14.2.2) is targeting all the "package" and
overhead, what comes with application/modules/components and what
you should remove from your code anyway
* test-code is something what you want to keep in your test,
pre-live, staging (or however you want to call your non-production
environments), but you need to remove it from production code or
you don't need to deploy it to production.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#880 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEBYCKP5L6EWL6W6WSUDATSYH7WVANCNFSM4UTOZQ7A>.
--
Jim Manico
Manicode Security
https://www.manicode.com
|
|
Demo sounds good. But demo what? Demo code, demo functionality, demo application? |
|
Demo code, demo functionality, demo application
Demo code or functionality?
Demo code, functionality or application?
Meh.... You call it :)
- Jim
On 1/4/21 8:13 AM, Elar Lang wrote:
Demo sounds good. But demo what? Demo code, demo functionality, demo
application?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#880 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEBYCIXZREIFXIYM6KQUDLSYIAN7ANCNFSM4UTOZQ7A>.
--
Jim Manico
Manicode Security
https://www.manicode.com
|
|
So I agree delete 2.5.4 and suggest a small change to 14.2.2. This one is ready for PR! Verify that all unneeded features, documentation, samples, configurations are removed, such as sample applications, platform documentation, and default users. |
|
I prefer to keep V2.5.4 and remove "accounts/users" part from V14.2.2 as default and test-accounts are clearly separate problem from sample pages and configuration. data vs code question. For discussion: additional concern is - how requirement V14.2.2 is actually "dependency" requirement. Maybe it belongs more to "deploy" subcategory. |
|
That's a great idea, I support it. And I support moving 14.2.2 out of dependency and move it to 14.1.6 (build/depoy section). Sound good? |
|
Should we also rename section 14.1 from Build to Build and Deploy ? |
|
Agreed so far:
Wording is still not finalized. My last proposal:
Jim didn't like the word "samples" and preferred "demo" instead. But demo what? Demo functionality? Functionality demo? And do we need this last part of the requirement, as it's just repeating first part of the requirement? Proposal: |
|
demo implies something else so I surrender to "sample applications" or similar. |
|
V14.1.6 Verify that all unneeded features, documentations, samples applications and configurations are removed. or V14.1.6 Verify that all unneeded features, documentations, samples and configurations are removed, such as sample applications, platform documentation. |
|
How about: V14.1.6 Verify that all unneeded features, documentation, sample applications and configurations are removed from production applications. |
|
Why do you need them in test-environment? |
|
I often want to experiment on my dev or test server. It's part of a typical developer flow. But... I see your point. I would accept the following as a PR. V14.1.6 Verify that all unneeded features, documentation, sample applications and configurations are removed. |
14.2.2
Last part of the requirement is covered by V2.5.4 requirement:
Recommendation:
If needed, add "example account" to V2.5.4 requirement:
The text was updated successfully, but these errors were encountered: