... | ... | @@ -47,6 +47,19 @@ |
|
|
<!-- a good guide to "audit" an existing project's design: -->
|
|
|
<!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html -->
|
|
|
|
|
|
<!-- things to evaluate here:
|
|
|
* services
|
|
|
* storage (databases? plain text files? cloud/S3 storage?)
|
|
|
* queues (e.g. email queues, job queues, schedulers)
|
|
|
* interfaces (e.g. webserver, commandline)
|
|
|
* authentication (e.g. SSH, LDAP?)
|
|
|
* programming languages, frameworks, versions
|
|
|
* dependent services (e.g. authenticates against LDAP, or requires
|
|
|
git pushes)
|
|
|
* deployments: how is code for this deployed (see also Installation)
|
|
|
|
|
|
how is this thing built, basically? -->
|
|
|
|
|
|
## Issues
|
|
|
|
|
|
<!-- such projects are never over. add a pointer to well-known issues -->
|
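Review bot: the "things to evaluate here" list in the design comment names "authentication (e.g. SSH, LDAP?)" but has no item for where credentials and other secrets are kept or for who is authorized to do what. A page filled in from this template can therefore describe how the service is built without saying how access to it is controlled. Consider adding a bullet for secrets and access control next to the authentication item. Separately, LDAP is the example under both "authentication" and "dependent services"; a different example in the second bullet would make the distinction between the two clearer.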
... | ... | @@ -58,10 +71,18 @@ There is no issue tracker specifically for this project, [File][] or |
|
|
[File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
|
|
|
[search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues
|
|
|
|
|
|
## Maintainer, users, and upstream
|
|
|
|
|
|
<!-- document who deployed and operates this service, who the users -->
|
|
|
<!-- are, who the upstreams are, if they are still active, -->
|
|
|
<!-- collaborative, how do we keep up to date, -->
|
|
|
|
|
|
## Monitoring and testing
|
|
|
|
|
|
<!-- describe how this service is monitored and how it can be tested -->
|
|
|
<!-- after major changes like IP address changes or upgrades -->
|
|
|
<!-- after major changes like IP address changes or upgrades. describe -->
|
|
|
<!-- CI, test suites, linting, how security issues and upgrades are -->
|
|
|
<!-- tracked -->
|
|
|
|
|
|
## Logs and metrics
|
|
|
|
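Review bot: in the "Monitoring and testing" comment, "how security issues and upgrades are tracked" overlaps with the "Maintainer, users, and upstream" comment ("how do we keep up to date") and with the "Issues" section, so the same information can end up in two or three places on a filled-in page. Pick one section to own it and have the others point there. The maintainer comment also ends on a trailing comma ("how do we keep up to date,"), which reads as an unfinished sentence; finish the thought or drop the comma.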
... | ... | @@ -84,7 +105,25 @@ There is no issue tracker specifically for this project, [File][] or |
|
|
<!-- describe the overall project. should include a link to a ticket -->
|
|
|
<!-- that has a launch checklist -->
|
|
|
|
|
|
<!-- if this is an old project being documented, summarize the known -->
|
|
|
<!-- issues with the project. to quote the "audit procedure":
|
|
|
|
|
|
5. When was the last security review done on the project? What was
|
|
|
the outcome? Are there any security issues currently? Should it
|
|
|
have another security review?
|
|
|
|
|
|
6. When was the last risk assessment done? Something that would cover
|
|
|
risks from the data stored, the access required, etc.
|
|
|
|
|
|
7. Are there any in-progress projects? Technical debt cleanup?
|
|
|
Migrations? What state are they in? What's the urgency? What's the
|
|
|
next steps?
|
|
|
|
|
|
8. What urgent things need to be done on this project?
|
|
|
-->
|
|
|
|
|
|
## Goals
|
|
|
|
|
|
<!-- include bugs to be fixed -->
|
|
|
|
|
|
### Must have
|
... | ... | |
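Review bot: the quoted "audit procedure" in the comment about documenting an old project starts at item 5 and gives no source, so someone filling in the template cannot tell what items 1 to 4 were or where the quote comes from. If this is the same guide already linked in the design comment (https://bluesock.org/~willkg/blog/dev/auditing_projects.html), repeat the URL next to the quote; if only these four questions are intended, say so or renumber them from 1.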