-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft for review of security for plugin developers #4701
base: master
Are you sure you want to change the base?
Draft for review of security for plugin developers #4701
Conversation
Developer docs are entirely separate ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like that it's shorter with links out to appropriate pages so developers can go to the pages they most care about.
@daniel-beck I would be happy to work on https://www.jenkins.io/doc/developer/security/ with you. I think @MarkEWaite and @dheerajodha are going to fix the doc/developer structure so it works like doc/book. So do I understand you to say that you want the current copy of that developer/security section broken up into smaller files with an index.adoc file that is this shorter "checklist" of topics with links to other docs? That would make sense. And then the doc/book/security/index.adoc file could just mention the doc/developer/security section with a link. Should some of doc/book/security/controller-isolation/required-role-check/ be moved to the doc/developer/security section as well? Or maybe the developer part is already provided in http://localhost:4242/doc/developer/security/remoting-callables/ ? Let's discuss when you have time and then I can implement. |
I reread the content with Daniel's remarks in my head and I think I understand what he wants so I did it:
|
…io into 1107-plugin-authors
Yes, that should be the separation already; if there's developer content on the admin docs, it should be removed; but all content should be admin suitable.
Other than the index page, it already does, kinda? Curious to see how that would look though.
Maybe? Different audiences, so unsure how much of that we need. There are references in the role check doc because it's fairly likely people end up there when things go wrong, so pointing to instructions how to fix (even if implemented by someone else) makes sense IMO. |
The navigation is different for /dev/developer and /dev/book. Specifically:
|
Most pages on jenkins.io have an 'anchor' link next to each header, it's to the right and appears on hover (unlike GitHub's which is to the left). Click it and you jump to the anchor. Explicit anchor definitions from Asciidoc also exist, see e.g. https://github.com/jenkins-infra/jenkins.io/blame/d178e145d26822666ff0040c6a451dbdbbcdffdf/content/_data/upgrades/2-303-3.adoc#L3-L4 to get https://www.jenkins.io/doc/upgrade-guide/2.303/#SECURITY-2458 |
This started as the beginnings of a page that summarizes security issues for plugin developers and maintainers. The concept is that this can serve as a checklist and also that other docs (like the Plugin Devloper Tutorial that is under construction) can link to this page to provide current information so we do not have to maintain these links in multiple places.
The general concept is good but this belongs in /doc/developer rather than /doc/book. This PR moves the current content of /doc/developer/security/index.adoc into a separate security-architecture file/page and starts the summary/checklist material (with links) in index.adoc. See discussion below.
This makes this independent of #4612.
@daniel-beck @Wadeck @MarkEWaite @dheerajodha