Unverified Commit fe72c49d authored by anarcat

explicitly import the audit questions in the template

This still needs work.
parent 9d2245ae
......@@ -47,6 +47,19 @@
<!-- a good guide to "audit" an existing project's design: -->
<!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html -->
<!-- things to evaluate here:
* services
* storage (databases? plain text files? cloud/S3 storage?)
* queues (e.g. email queues, job queues, schedulers)
* interfaces (e.g. webserver, commandline)
* authentication (e.g. SSH, LDAP?)
* programming languages, frameworks, versions
* dependent services (e.g. authenticates against LDAP, or requires
git pushes)
* deployments: how is code for this deployed (see also Installation)
how is this thing built, basically? -->
## Issues
<!-- such projects are never over. add a pointer to well-known issues -->
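Review bot: the "things to evaluate here" list asks about authentication ("authentication (e.g. SSH, LDAP?)") but has no prompt for authorization or for the sensitivity of what is stored, which is what the risk-assessment question added later in this patch ("risks from the data stored, the access required") depends on. Consider extending the storage and authentication items to ask what data is held and who can access it. The closing line "how is this thing built, basically?" also reads as a continuation of the deployments item; put it on its own line or move it to the top of the comment as the framing question.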
......@@ -58,10 +71,18 @@ There is no issue tracker specifically for this project, [File][] or
[File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
[search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues
## Maintainer, users, and upstream
<!-- document who deployed and operates this service, who the users -->
<!-- are, who the upstreams are, if they are still active, -->
<!-- collaborative, how do we keep up to date, -->
## Monitoring and testing
<!-- describe how this service is monitored and how it can be tested -->
<!-- after major changes like IP address changes or upgrades -->
<!-- after major changes like IP address changes or upgrades. describe -->
<!-- CI, test suites, linting, how security issues and upgrades are -->
<!-- tracked -->
## Logs and metrics
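Review bot: upgrade tracking is now asked for in two places: the new "Maintainer, users, and upstream" comment ends with "how do we keep up to date," and the "Monitoring and testing" comment adds "how security issues and upgrades are tracked". Keep one of them, or make the first about upstream release channels and the second about our own tracking, so people filling in the template do not answer the same question twice. The first comment also ends on a dangling comma before "-->"; finish the sentence.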
......@@ -84,7 +105,25 @@ There is no issue tracker specifically for this project, [File][] or
<!-- describe the overall project. should include a link to a ticket -->
<!-- that has a launch checklist -->
<!-- if this is an old project being documented, summarize the known -->
<!-- issues with the project. to quote the "audit procedure":
5. When was the last security review done on the project? What was
the outcome? Are there any security issues currently? Should it
have another security review?
6. When was the last risk assessment done? Something that would cover
risks from the data stored, the access required, etc.
7. Are there any in-progress projects? Technical debt cleanup?
Migrations? What state are they in? What's the urgency? What's the
next steps?
8. What urgent things need to be done on this project?
-->
## Goals
<!-- include bugs to be fixed -->
### Must have
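Review bot: the quoted audit procedure in the comment above "## Goals" starts at item 5 and gives no source, so someone filling in the template cannot tell what questions 1 to 4 were or where the list comes from. Add the URL already cited in the design section (https://bluesock.org/~willkg/blog/dev/auditing_projects.html) or a pointer to it, and note where the earlier questions are handled, if anywhere. It would also help to state whether the answers to 5 through 8 belong in this section or under "## Issues".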
......