[security-sig] Broken Security Link on Website and general bad discoverability of security related information

Jeremy Stanley fungi at yuggoth.org
Thu Feb 25 18:51:38 UTC 2021


On 2021-02-25 15:06:33 +0000 (+0000), Jeremy Stanley wrote:
> On 2021-02-25 09:21:17 +0000 (+0000), Sven Kieske wrote:
[...]
> > That the Link to the Security Contacts on the Website is broken:
> > 
> > https://www.openstack.org/openstack-security/ is a 404 for me.
> > 
> > I found the dead link here:
> > 
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce
> 
> Thanks, it looks like we were embedding some very old URLs in the
> footer for our mailing list site which pointed to the foundation's
> site for OpenStack rather than the community-managed security
> information. I have proposed https://review.opendev.org/777602 to
> correct this oversight.

The change to correct this is now merged and deployed, so the links
go to the appropriate location. Thanks again for pointing it out.

> > Another "Bug" imho is, that there is no information how to
> > contact the security team on the main website, and the search
> > for "security" does not really yield good results how to contact
> > the security team either.
> 
> I agree, I've brought this up with the foundation web development
> team who maintain that website for us, I'll raise it with them
> again and find out if they can work out something for better
> discoverability. I'm not sure why it keeps disappearing or getting
> moved, but I'll do my best to impress on them that having security
> contact information linked from the most prominent pages (if not
> every page) is important for our users.
[...]

The answer I got was that they used to have a security-related
topics page linked in the drop-down navigation and page footers, but
removed it because it contained some stale content. Unfortunately it
also contained critical links to our community-managed security
information site, which they didn't notice/consider. Huge thanks to
the foundation web developers for quickly re-adding a link to
https://security.openstack.org/ from the global page footer block
for all of https://www.openstack.org/ so that users should be more
readily able to find this information again.
-- 
Jeremy Stanley