[secdir] Secdir last call review of draft-ietf-git-github-wg-configuration-06

Nancy Cam-Winget via Datatracker <noreply@ietf.org> Fri, 28 February 2020 20:30 UTC

Reply-To: Nancy Cam-Winget <ncamwing@cisco.com>
Date: Fri, 28 Feb 2020 12:30:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/IFaUhoeL7yBRmJa8AU2ywwt74Iw>

Reviewer: Nancy Cam-Winget
Review result: Ready

SECDIR review of draft-ietf-git-github-wg-configuration-06

Reviewer: Nancy Cam-Winget
Review result: Ready with a minor nit and question

I have been tracking and actually using the guidelines and tools laid out in
this document; as such, it is well written and easy to follow (thank you!).

My nits/question are minor:
Section 1:
- Subjectively, I think the last clause in the last sentence of the 2nd
paragraph is superfluous “…using GitHub in a uniform way if desired”. Could be
abbreviated to “…using GitHub in a uniform way.” May be sufficient.

Section 5:
There are actually no procedures for the pull requests; admittedly, I don’t
know about GitHub’s protective measures… but as I believe anyone can generate a
pull request, couldn’t this be an issue from a flood and legitimacy perspective?