Implement a Security page #438
Comments
Working on this!
A page has been added for this, but it's currently completely blank. Should just require filling out the template with content now.
@dstufft - should I use the same content as in https://pypi.python.org/security ? Note: fixing this page also contributes to fixing the missing template titles exposed in #1203
Hey- So I (or someone) needs to actually come up with the correct content. The current security page has got a lot of incorrect information in it. Probably this one needs to just be done by me.
I've just been looking over the docs and had a thought... Is there any reason to have a separate security page that is different from https://warehouse.readthedocs.io/security/ ? Maybe instead of having a standalone page, we can just link to this? That would mean we would only need to update the security content in one place.
Just to chime in unannounced, I find the RTD security page to be clearer than the current PyPI security page, because it offers just one course of clear action: email Donald and Richard. Having used the security page on the current PyPI previously, and ultimately settling on emailing Donald, it was not without some reticence. I've outlined my thought process previously in a private email exchange with Donald (August 26, 2015), and looking back, there were a number of bullet points to get me to the point of making a decision vs. "just email these addresses". As an addendum to @nlhkabu's remark about linking, I'd subjectively prefer to see the security page on the PyPI site and linked to from the warehouse RTD -- trust is important, and causing a potential reporter to second guess where they've ended up isn't ideal, especially if they don't know that "warehouse" is ultimately synonymous with PyPI going forward. I don't know how much additional maintenance burden that may result in though.
I'm not too concerned about moving this content to a standalone page in Warehouse itself - the template is already there, so all we need to do is transfer the content. My main concern with maintenance is not duplicating the content, so linking to the Warehouse page from RTD seems like a good idea to me. I agree that an end user is more likely to trust a 'page' on PyPI than the Warehouse docs. @dstufft are you ok for me to go ahead with this?
@nlhkabu Using that content is probably roughly OK for now until I figure out a better policy that doesn't rely on me and Richard answering email. I agree it should be on PyPI itself not in our docs (which are less docs and more a collection of development notes). Should be easy to copy the data over and just delete that page from the Warehouse docs.
I'm putting my hand up for this!
This should be closed since #1985 is merged - correct?
Yup!
We need a replacement for https://pypi.python.org/security.