[PING] Questionnaire Update Process + Schedule

Following up on our conversation on last week’s call, we’ve fleshed out the process for how we will be using GitHub to manage edits to the questionnaire.  Below please find the process as well as the schedule starting this week.  Also, as stated on the call, happy to take feedback over email.

Finally, if you’re interested in being part of the smaller group focusing on this, please email me and the folks CC’ed on this email.  We don’t have a formal mailing list yet and may move to such depending on size.

GitHub Process
- Fork w3ctag/security-questionnaire to a new repo (currently jasonanovak/security-questionnaire <https://github.com/jasonanovak/security-questionnaire>; planning to move under w3c GitHub org) 
- Have a branch for each section in jasonanovak/security-questionnaire <https://github.com/jasonanovak/security-questionnaire>
- For each section, each week:
- Have folks file issues against jasonanovak/security-questionnaire <https://github.com/jasonanovak/security-questionnaire>
- Incorporate the edits into jasonanovak/security-questionnaire/that-sections-branch
- Build a PR that compares jasonanovak/security-questionnaire/that-sections-branch to jasonanovak/security-questionnaire/master
- Have PING review that PR (I’ll email it out to the group for folks to submit comments against).
- Incorporate any edits
- Send a finalized PR of jasonanovak/security-questionnaire/that-section-branch to w3ctag/security-questionnaire/master for the TAG to merge in.

Schedule

Week of 9/17 - Discussion regarding PING’s goals for the questionnaire — how does it feed into the review process writ large, what the format of privacy and security consideration sections should be, etc.
9/21 - Output of discussion circulated to group for review.
Week of 9/24 - Review of Introduction and Threat Models.
9/28 - Desired edits circulated to PING for discussion as PRs in GitHub.
Week of 10/1 - Review of Questions to Consider.
10/5 - Desired edits circulated to PING for discussion as PRs in GitHub.
Week of 10/8 - Review of Mitigation Strategies.
10/12 - Desired edits circulated to PING for discussion as PRs in GitHub.
Week of 10/15 - Ensure that all discussion points on previous weeks’ outputs have been incorporated into the issues / PRs.
10/19 - Circulate finalized issues to PING for review/discussion as PRs in GitHub.

Background

Review the following documents and determine what information should be brought into the main questionnaire (if any).  If there are any documents we establish consensus on as having no information to bring into the questionnaire, we’ll obsolete them immediately.
- https://github.com/w3c/ping/blob/master/privacy-questions.html
- https://github.com/gnorcie/ping-privacy-questions
  - These two are the same document substantively; expect that one can be obsoleted immediately.
- https://www.w3.org/wiki/Privacy_and_security_questionnaire
- https://www.w3.org/wiki/Privacy/Privacy_Considerations
  - Expect that this can be obsoleted immediately.
- https://w3c.github.io/privacy-considerations/
- https://www.w3.org/TR/fingerprinting-guidance/
  - Probably will reference it in the questionnaire understanding that Nick is working on finalizing it.

Thanks,
Jason

Received on Monday, 17 September 2018 03:27:15 UTC