SLSA Blog

[MarkLodato]

I suggest that we create a SLSA Blog. The posts would be presented as opinions of the author, not necessarily of the SLSA project. Benefits:

• To give a steady update on activity to interested parties. Often work goes on behind the scenes or in detailed discussions, so it is difficult to see that progress is being made. A blog post can help communicate that progress at a higher level.
• To allow contributors to describe ideas and current thinking without requiring full community agreement or fully fleshing everything out. We can relate things that are currently in the minds of contributors but that we haven't had time to fully implement.
  • Example: Current thinking on how policy would work. This is a topic I have discussed with many people, but I haven't had time to really write it down formally or get full agreement from the community. But I could describe how I think it might work, which at least gives readers some notion of where SLSA might be headed.
• To allow us to post "informational" documentation that we don't necessarily want to maintain or make official. Other project use "informational" proposals for this process (PEP, TAP) - see Enhancement proposal process #296 (comment). But in my opinion, that is an abuse of the notion of a "proposal." A blog post is a better medium for such content.

Thoughts?

[kimsterv]

I like the idea. Most projects that I know of use Medium to make it easy.

[joshuagl]

Great idea, demonstrating the liveliness of the project to folks not attending the community meetings and providing a space to share ideas both seem like good uses of a blog.

[TomHennen]

What should the process be for approving posts? Just have one other committee member verify that it's not spam?

I'm happy to set it up on Medium.

[TomHennen]

Ok, I'm going to try to set up a Medium 'Publication' for SLSA. Then we can have slsa.dev/blog redirect there somehow.

Someone let me know if they have a better idea.

[edit] Turns out you need a Medium subscription to make a Publication. No idea how we'd handle the billing for that in the SLSA org...

[TomHennen]

I've found a point of contact at the Linux Foundation that should be able to help figure out the payment options. Will follow up with results.

[kimsterv]

What should the process be for approving posts? Just have one other committee member verify that it's not spam?

I think keeping it simple and easy is best. One other committee member and lazy consensus (after say 2 working days?) sgtm. If this doesn't work, we can always revisit of course.

[jorydotcom]

👋🏻 qq, is Medium a strong want here? I ask because another project I work with has historically had several challenges managing its blog on Medium. It's great for the social/share component, and the UI for writers is great, but we find for a variety of reasons its hard to keep it updated (access control/permissions management, collaborating on drafts, people who don't have medium accounts & want to contribute, etc etc). If it's all the same to ya'll, hosting a blog via GH tends to be more successful long term.

[joshuagl]

I'd prefer GitHub too, it feels like that would be easier for review?

I'm on-board with lazy consensus, but worry that two days might be too short? Perhaps it's enough for folks to indicate their intent/desire to review within two days?

[MarkLodato]

I also prefer GitHub, but it is a bit more work to set up and I'm not the one doing it. Medium does have nice commenting, which GitHub wouldn't have by default. I'm OK either way.

To set it up on GitHub, I believe this involves:

• Adding a link to docs/_data/nav.yml (we'll need this either way)
• Configuring docs/_config.yml have the put posts under /blog/ or whatever.
• Creating a post layout.
• Creating a page that lists all of the posts.

If we instead want the blog on a subdomain, I think we'd need to create a new git repo and set up Jekyll there, including the theme, and link to it from the main SLSA website.

[TomHennen]

I believe @jorydotcom is volunteering to set it up for us.

Also I think I'd prefer not having comments since it's just another thing to moderate. If people really want to comment they can use Twitter or file GH issues? I don't feel that strongly about this though.

[jorydotcom]

@MarkLodato @TomHennen happy to do the setup whichever route ya'll go. And great question whether you want the blog to sit with your existing site or spun up on a subdomain. Probably keeping it with the existing repo would be faster, so we don't have to track down whoever has access to the DNS and mess with that. Also one less repo to maintain.

[MarkLodato]

Great! I'm ok with /blog/. Any objections?

[joshuagl]

I like /blog/