Fix the Weekend Warrior Profile to match reality #3
Signed-off-by: Thomas Depierre <[email protected]>
@@ -88,25 +88,22 @@ | |||
### Background: | |||
- I maintain a couple of small packages and contribute new medium size but impactful features to my underlying ecosystem. (Think a compiler optimisation for floats that takes a few months of work and extremely niche knowledge to get right) This is a really common and critical profile. | |||
- Diana is in a loose network of other niche people doing the same in my ecosystem. | |||
- Diana has challenges keeping their toolchain and CI systems up-to-date and running and has antiquated security tools to help (e.g. an out of support MFA token) with no adidtional funds to replace. | |||
- Diana has challenges keeping their toolchain and CI systems up-to-date and running. C was not made for this kind of work, nor are most of the packaging ecosystem, and they have to fight with them all the time. |
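Review bot: in the added Background bullet, "nor are most of the packaging ecosystem" should read "nor is most of the packaging ecosystem", and "they have to fight with them all the time" leaves both pronouns ambiguous (Diana versus the tools). The bullet it replaces also stated that there are no additional funds to replace outdated tooling, and the new wording drops that constraint; consider keeping it, for example by ending the bullet with "and there is no budget to replace or maintain them".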
> C was not made for this kind of work

Is C the programming language or is it supposed to be CI, or something else?
Personally, I'd prefer to keep this more generic, since Diana exists in literally every programming language/framework ecosystem, not just C, and dependency hell is a very common time-suck.
I put C because it is, by far, the most impacted and the most critical and everyone has to deal with it at some point. But the follow-up of the sentence works too. So yes, the programming language, and yes, we can be really open.
Fair enough! :)
- Provide assistance in tuning automated tools alerts & outputs. | ||
- Provide resources & assistance to maintain toolchain (shared secure public services, resources to assist with infrastructure maintenance, and more). | ||
|
||
- Build and update tools and toolchains to be more aligned to the realities of Diana's work. |
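Review bot: the added bullet "Build and update tools and toolchains to be more aligned to the realities of Diana's work" does not say which tools it means. Next to the existing "Provide resources & assistance to maintain toolchain" bullet it can be read as a call for new tooling, so state the target explicitly, for example "Build and update the existing tools and toolchains Diana depends on so that they cost less to maintain".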
❤️ I love this pragmatic sentence. This is a great north star 🌟 to guide the solutions we think we want to build.
Note what I am not saying.
I am never talking of security-oriented tooling. Because however simple you will make them, they will necessitate maintenance.
And I do not have a budget for maintenance. That means that the only thing you can do is reduce the maintenance cost of my current tools.
Then maybe I will be able to do more.
Note also that it means that to get better security, you need to fix non-security-oriented tools. That is why I deleted the offered solutions. They ignored that aspect.
ty for the additional notes Thomas
As asked in ossf/tac#169 (comment), I read and edited the weekend warrior to fit reality better.