[secdir] Secdir last call review of draft-ietf-git-github-wg-configuration-06
Nancy Cam-Winget via Datatracker <noreply@ietf.org> Fri, 28 February 2020 20:30 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/IFaUhoeL7yBRmJa8AU2ywwt74Iw>
Reviewer: Nancy Cam-Winget
Review result: Ready

SECDIR review of draft-ietf-git-github-wg-configuration-06
Reviewer: Nancy Cam-Winget
Review result: Ready with a minor nit and question

I have been tracking and actually using the guidelines and tools laid out in this document; as such, it is well written and easy to follow (thank you!).

My nits/question are minor:

Section 1:
- Subjectively, I think the last clause in the last sentence of the 2nd paragraph is superfluous “…using GitHub in a uniform way if desired”. Could be abbreviated to “…using GitHub in a uniform way.” May be sufficient

Section 5:
There are actually no procedures for the pull requests; admittedly, I don’t know about GitHub’s protective measures….but as I believe anyone can generate a pull request, couldn’t this be an issue from a flood and legitimacy perspective?