New GitHub repo created for the EdX course on “Secure Software Development Fundamentals” - file issues here!


David A. Wheeler
 

All:

Per our discussion today, we now have a new GitHub repo for the EdX course on “Secure Software Development Fundamentals”.

If you have thoughts about the course, please file an issue here:

--- David A. Wheeler


brandonc@...
 

I missed the discussion that led to this, but would certainly like to contribute. Unity open-sourced our internal SSDLC guidance, since this is an area I think we need more content available to the community.


David A. Wheeler
 

On Oct 20, 2020, at 1:15 PM, brandonc@... wrote:
I missed the discussion that led to this, but would certainly like to contribute. Unity open-sourced our internal SSDLC guidance, since this is an area I think we need more content available to the community.

Great! The material is currently in a Google docs document because that enabled a lot of real-time collaboration.

We could just download it in OpenDocument text (.odt) format and post that on GitHub. But that may make future collaboration hard to track.

I’ve been thinking of converting the Google document to Markdown, and then posting the Markdown into its corresponding GitHub repo. There’s at least one add-on for doing that conversion <https://iainbroome.com/how-to-convert-a-google-doc-to-markdown-or-html/>. I don’t know how much further work it’d take to make that useful afterwards. In particular, it’s not clear how well that handles figures. Some manual one-time cleanup may be necessary :-(. But if we can work that out well enough, we could then post the Markdown in its GitHub repo here: <https://github.com/ossf/secure-sw-dev-fundamentals>. Markdown would make version control easier (people could see the exact changes made & by whom).

Do people agree that converting the content to Markdown & posting to GitHub would be worthwhile?

I prefer to work DRY, but our education folks say that they’ve experienced a lot of pain trying to work that way. So I think we’ll need to track changes made to the GitHub posted version, and make sure they end up in the EdX version as well. EdX *can* make changes at any time (e.g., for typos), but they strongly prefer only making “big” changes once a year or so. Basically make changes in GitHub, then have an annual manual sync to update the EdX version. That’s not my preferred approach, but I think it can work, and I don’t have the battle scars from trying to do it any other way.

As noted in the README, the informational content is released under the Creative Commons Attribution License (CC-BY) version 4.0, so you can reuse it in many ways. There are some exceptions: we quote other material (such as from xkcd) which are under their own licenses, and to counter cheating we do not release certain testing materials this way.

--- David A. Wheeler


Ware, Ryan R
 

On Tue, Oct 20, 2020 at 11:16:05, David Wheeler wrote:
<snip>
Do people agree that converting the content to Markdown & posting to
GitHub would be worthwhile?
I'm happy with either solution but I would suggest having it all in one place would be best. I'm guessing from what I see that people would lean towards GitHub for that, but whatever people think.

Ryan


David A. Wheeler
 

On Tue, Oct 20, 2020 at 11:16:05, David Wheeler wrote:
Do people agree that converting the content to Markdown & posting to
GitHub would be worthwhile?
...
On Oct 26, 2020, at 6:17 PM, Ware, Ryan R <ryan.r.ware@...> wrote:

I'm happy with either solution but I would suggest having it all in one place would be best. I'm guessing from what I see that people would lean towards GitHub for that, but whatever people think.
The *easy* solution for me is to leave it on Google docs; I’m always happy to do things the easy way :-). I’m also *guessing* that people will want it converted to Markdown & posted on GitHub. However, since that’s work, I’d like some confidence that the conversion is desired.

Who would prefer that the material stay on Google docs? Who would prefer it as Markdown on GitHub? Should I put up a Doodle poll?

BrandonC: I’ll separately send you access to the Google doc version. Please don’t try to make suggestions on it yet, since we *might* be about to do a conversion. I don’t want your suggestions lost :-).

--- David A. Wheeler