Merge pull request #422 from rubycentral/update-2024-09
Ruby Central: Update September 2024
Showing 2 changed files with 45 additions and 0 deletions.
@@ -0,0 +1,43 @@ | ||
# Update 2024-09 | ||
|
||
## Organizations | ||
|
||
We are making steady progress and continue to aim for the end of November to have the feature ready for users. | ||
|
||
### Maintainer Role | ||
|
||
* Maintainer role code is ready to merge pending documentation for using the featuer. | ||
* We will publish the feature along with the documentation when both are ready. | ||
|
||
### Organizations | ||
|
||
* The onboarding model, supporting a user to create an organization, is in progress. | ||
* As we work on implementing the details of the onboarding process, we are working through some of the implications of the design. | ||
* The organization designs are partially implemented on the site. | ||
* The organization designs incorporate our new design templates and add highly requested features like dark mode and an improved user interface that highlights more important information. | ||
* We will begin rolling out the new design template with the organizations feature. | ||
|
||
### Next steps: | ||
|
||
* Finish the pages for viewing an organization. | ||
* Continue work on the onboarding process and ability to edit and manage the organization. | ||
* Start adding test users once the permission system and organization pages are ready. | ||
|
||
## Audit | ||
|
||
The audit is completed and the draft report was delivered September 9th, 2024. | ||
|
||
* We have reviewed the report with the Trail of Bits team. | ||
* The report details 33 findings, mostly low severity or informational. | ||
* 7 findings were considered medium severity, and 1 finding was labeled high severity. | ||
* Samuel and the rest of the team have taken the findings and are responding with fixes and/or explanations that explain why a fix is not necessary. | ||
|
||
One important finding of this audit is that our effort to continue to convert our infrastructure to Terraform would pay large dividends in security. | ||
However, this project is a large undertaking that will require a larger monetary and time investment above and beyond the baseline maintenance supported by our current funding. | ||
|
||
### Next steps: | ||
|
||
* Addressable security concerns will be remediated and fixes deployed. | ||
* A response document is being drafted that responds to each finding. | ||
* When we are ready to mark each of the items as complete, we will contract with ToB for a further fix review. | ||
* After the fix review is incorporated into the report, we will coordinate with ToB to publish the report. |
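Review bot: typo in the first Maintainer Role bullet, "featuer" should read "feature". Also a style point on headings: the file uses "## Organizations" and then "### Organizations" as a subsection of itself, which renders as a duplicated title; consider renaming the subsection (for example "### Organization pages") so the table of contents distinguishes the two. The two "### Next steps:" headings carry a trailing colon that the other headings in the file do not; dropping it keeps the heading style consistent.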