Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Security Considerations section #2950

Closed
ioggstream opened this issue Jun 20, 2022 · 7 comments
Closed

Add Security Considerations section #2950

ioggstream opened this issue Jun 20, 2022 · 7 comments
Assignees
@handrews
Labels
security: meta Metadata in and about the specification security
Milestone
v3.0.4

Comments

@ioggstream
Copy link
Contributor

I expect

  • a Security Consideration section / document

Instead

  • there is not
  • some security hints are scattered throughout the document

See https://github.com/ietf-wg-httpapi/mediatypes/pull/49/files#diff-b22c3a369e1499074590046ad01b71334e21c491c64ccf045f8858e2d3036e56R543

cc: @darrelmiller
@MikeRalphson
Copy link
Member

Link #3037

@handrews handrews added security security: meta Metadata in and about the specification labels Jan 27, 2024
@handrews
Copy link
Member

@OAI/tsc / @darrelmiller is this done? Should we add the currently-separate Security Considerations document into 3.0.4 and 3.1.1 as a section?

@handrews handrews mentioned this issue May 27, 2024
Closed
@ralfhandl
Copy link
Contributor

Should we add the currently-separate Security Considerations document into 3.0.4 and 3.1.1 as a section?

Yes, please, and add links to corresponding specification sections to the text.

@miqui
Copy link
Contributor

miqui commented May 29, 2024

@ralfhandl , @handrews I would like to up vote Ralf's suggestion.

@handrews
Copy link
Member

@ralfhandl @miqui I think the only reason this was ever a separate document is that we couldn't insert it into the published documents after the fact.

I agree that we should at least link it, but in most specifications (IETF, W3C, etc.) "Security Considerations" is a section in the document itself. So I'm asking if we should put it in 3.0.4 and 3.1.1 or if there is a reason to keep it separate.

@darrelmiller
Copy link
Member

TDC consensus to move this content into the patch updates. Suggestion to add headings to make it clearer.

@lornajane lornajane removed the review label Jun 4, 2024
@handrews handrews self-assigned this Jun 9, 2024
@handrews handrews added this to the v3.0.4 milestone Jun 9, 2024
@handrews
Copy link
Member

PR merged for 3.0.4 and ported to 3.1.1 via PR #3921!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@handrews handrews

Labels
security: meta Metadata in and about the specification security
Projects
None yet
Milestone
v3.0.4
Development

No branches or pull requests
7 participants
@MikeRalphson @lornajane @darrelmiller @ralfhandl @ioggstream @handrews @miqui