Re: [Ietf-and-github] AD review of draft-ietf-git-github-wg-configuration-05
"Christopher Wood" <caw@heapingbits.net> Sat, 08 February 2020 23:08 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: ietf-and-github@ietfa.amsl.com
Delivered-To: ietf-and-github@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 3BA731200C4;
Sat, 8 Feb 2020 15:08:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=heapingbits.net header.b=HNdHoVUb;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=f70H7mO1
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id udFY81DhECK9; Sat, 8 Feb 2020 15:08:56 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com
[66.111.4.27])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AFCE71200C3;
Sat, 8 Feb 2020 15:08:56 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
by mailout.nyi.internal (Postfix) with ESMTP id 06F3321B55;
Sat, 8 Feb 2020 18:08:56 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
by compute6.internal (MEProxy); Sat, 08 Feb 2020 18:08:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net;
h=from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-type:content-transfer-encoding; s=fm3; bh=
qYSqpnvCWsmp94kbey6thS9m9ghyorvat4eSb5Q3YHk=; b=HNdHoVUbgOaH7gHH
XZ2TcDt/KOJlvQkhV0RTCmaiSVabVEUzlxp54QKDGOOIzE+vuuy4UgglHi2djAUI
zVSSR3yK8q+osj92nrqUe08m7uIp3puCUdoovYlIvJrrzH+IbfaQqPdMbxX1saKQ
4/Ypwv/fR03UqMFjNdn9PetJxm2KRhi+XUwd8buNlJjK4rFIf2aOC6BhOtPcsu0v
quhZzg2Q5nWbnVCJY+qW+FywzLVCPbdxxUeR2MNdpMEopRP+u0iAibHAGbIuoR+3
twV4YdexPQQdzoxn3L3F/cnqWGZqWe4iAQCsvoUPwEfta5VycZ/Z7Nv+duazRsTZ
+Ty0Dw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-transfer-encoding:content-type
:date:from:in-reply-to:message-id:mime-version:references
:subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm2; bh=qYSqpnvCWsmp94kbey6thS9m9ghyorvat4eSb5Q3Y
Hk=; b=f70H7mO1SmIe+SDkH4Z3B9ZvwcD2zsdTeWpKxOaFMfkNje5cDEPxPRUBB
84+CA1qrCx7L1mx9Qj2Dpi0077DqJCYVvDdRK+xStM4DgxPEXbFRYlSyhjGSHUDn
MyHmZASxQzDqeASVujhFLdJpP3oobF0f3pmKSsoZNzlFOjcxFsilBaNuGSWCEP9R
FTBWPr3CZrBhwD3quiiB0dB24Y2oJEUBz7CvoRT0r4lp3Uuf3COG9Vq9Un+uYFu3
8kG1wr4ZyLvXH0eR5agtQN/i5zjz2qocloJP4w1SBWuOZ+sy1PNkCORzFMqU6r1z
QsAXBdbEUwM8duVSqcolLzfohJN9A==
X-ME-Sender: <xms:hz8_XmKBf9LrefDDjVNAHRs-_FNkZxzoglwT4Tm5jD1Md68ki-OlLg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrheekgddtvdcutefuodetggdotefrodftvf
curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
fjughrpefhvffufffokfgjfhggtgfgsehtkehmtdertdejnecuhfhrohhmpedfvehhrhhi
shhtohhphhgvrhcuhghoohgufdcuoegtrgifsehhvggrphhinhhgsghithhsrdhnvghtqe
enucffohhmrghinhepghhithhhuhgsrdgtohhmpdhivghtfhdrtghomhdprhhftgdqvggu
ihhtohhrrdgtohhmpdhivghtfhdrohhrghenucfkphepjeefrdelvddrieegrddufedtne
cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfies
hhgvrghpihhnghgsihhtshdrnhgvth
X-ME-Proxy: <xmx:hz8_Xq8icmyz-CfivOeBVmxUQdyApGs9e0K4OR-anzydr3fyKP1WyA>
<xmx:hz8_Xo_cF9cx7ukQQGNHAparr_478EH6shv2GDGeef_xHq42Kz4tPg>
<xmx:hz8_XrhjeB-v_KTYg4E0fLhhrG6-iu9VkfRRv14qM0rbeCvIQ-f1Mg>
<xmx:iD8_Xi9T1rKpGEAWvCPUCA1BYrjQ4rW4P4AvuqTtmI8NK7M7mj4zdA>
Received: from [10.0.0.184] (c-73-92-64-130.hsd1.ca.comcast.net [73.92.64.130])
by mail.messagingengine.com (Postfix) with ESMTPA id 12CF330600DC;
Sat, 8 Feb 2020 18:08:54 -0500 (EST)
From: "Christopher Wood" <caw@heapingbits.net>
To: "Barry Leiba" <barryleiba@computer.org>
Cc: draft-ietf-git-github-wg-configuration@ietf.org, ietf-and-github@ietf.org,
git-chairs@ietf.org
Date: Sat, 08 Feb 2020 15:08:53 -0800
X-Mailer: MailMate (1.13.1r5671)
Message-ID: <A7B6275A-167C-4DDB-9E79-FE74571AEE9C@heapingbits.net>
In-Reply-To: <CALaySJLuEDETWX6QTS4YmoqBPMf+7H+39cy9E5JYT=6f+8cY4A@mail.gmail.com>
References: <CALaySJLuEDETWX6QTS4YmoqBPMf+7H+39cy9E5JYT=6f+8cY4A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-and-github/OYEi6fIlITWzbrDX0e-__VtDDlU>
Subject: Re: [Ietf-and-github] AD review of
draft-ietf-git-github-wg-configuration-05
X-BeenThere: ietf-and-github@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of using GitHub in IETF activities,
particularly for Working Groups" <ietf-and-github.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-and-github>,
<mailto:ietf-and-github-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-and-github/>
List-Post: <mailto:ietf-and-github@ietf.org>
List-Help: <mailto:ietf-and-github-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-and-github>,
<mailto:ietf-and-github-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Feb 2020 23:08:59 -0000
Thanks, Barry! I made a PR [1] that should address your comments. Please have a look. More specific responses are inline below. On 7 Feb 2020, at 8:30, Barry Leiba wrote: > > Blocking comment: > > — Section 2.4 — > > When a working group is closed, the team with administrative access > would be removed and the owner list would be returned to its > initial > composition. > > What “initial composition”? The Secretariat and the ADs at the > time > the organization was created? That doesn’t make sense. The > Secretariat and current ADs at the time of closing? That’s not > “initial”. Or do you have something else in mind? Good catch! I think the Secretariat and current ADs at the time of closing is the intent. I made that change in [1]. > > > The rest: > > — Abstract — > Just a note here that the second paragraph should be removed before > publication. I’ve put this in as an RFC Editor Note. > > — Section 1 — > > proposals in this document, the functional requirements would need > to > be discussed with the IETF Tools Team, and the IETF Secretariat who > would need to support various pieces of what is proposed herein. > > Nit: the comma after “Tools Team” is misplaced, and should be > after > “Secretariat” instead. > > — Section 2 — > > For example, see > <https://github.com/richsalz/ietf-gh-scripts> and > <https://github.com/martinthomson/i-d-template> for working > examples > of automation that is in use in some working groups. > > Two things here: > > 1. Nit: “For example … for working examples” is redundant; I > suggest > starting the sentence with “See”. > > 2. I’m not sure that these URLs will stand the test of time, > remaining > valid in an archival document. On the other hand, having them here as > examples is certainly useful. Perhaps we could archive them on an > ietf.com page, or perhaps the RFC Editor could do so on an > rfc-editor.com page? I'm happy with either of these options. Alissa, Paul: what do you think? > > In this document the question of whether processes should be manual > or automated is deliberately left ambiguous > > “Ambiguous” isn’t the right word — it carries a connotation of > confusion. I suggest “unspecified”. And there needs to be a > comma > after that word, whichever we choose. > > — Section 2.2 — > > be able to run steps 3 and 4 from Section 2.1 so that the rest of > the > activities in this section such as personnel work the same for the > organizations that were created on their own. > > I find this awkward; I think it needs commas and a minor edit: > > NEW > be able to run steps 3 and 4 from Section 2.1 so that the rest of > the > activities in this section, such as personnel changes, work the > same > way as for organizations that were created as specified herein. > END > > — Section 2.5 — > > o Creating a new repository for an individual draft that is at the > discretion of the WG chair; > > What does “an individual draft that is at the discretion of the WG > chair” mean? I assume this means an I-D that lives under the WG organization rather than an individual's account, perhaps as a way of increasing visibility, without it being an adopted WG draft. Since this is one of a list of possible examples, and one that I've not seen in practice, I removed it in [1]. (If we think it should remain, perhaps someone can elaborate on the original text?) > > — Section 4 — > > An attacker who can change the contents of Internet Drafts, > particularly late in a working group's process, can possibly cause > unnoticed changes in protocols that are eventually adopted. > > Indeed, and so should we propose any mitigations? Using a github > instance that’s maintained and secured under ietf.org? At the very > least we’ll need to rely on careful review during the publication > process, including verifying what changes were made at each step and > flagging questionable changes. The text here should probably say > something more. I don't think so, as this is true with or without the use of GitHub. Though I’m curious to hear what others think. Thanks again! Best, Chris [1] https://github.com/ietf-gitwg/draft-ietf-git-github-wg-configuration/pull/15
- [Ietf-and-github] AD review of draft-ietf-git-git… Barry Leiba
- Re: [Ietf-and-github] AD review of draft-ietf-git… Christopher Wood
- Re: [Ietf-and-github] AD review of draft-ietf-git… Alissa Cooper
- Re: [Ietf-and-github] AD review of draft-ietf-git… Barry Leiba