Follow RFC 2119 for should/must language in requirements #440
Comments
|
I support this. Although visually clunky, RFC 2119 notation goes a long
way towards clarifying specifications, policies, and other normative
documents. And it will be familiar to network and systems
administrators.
Here's the preamble I used in freedomofpress/securedrop-dev-docs#35:
https://github.com/freedomofpress/securedrop-dev-docs/blob/19e49ddbd165676f0ab98e65d92a1417741bb648/docs/supported_languages.rst?plain=1#L17-L20
|
|
The section on abstract firewall configuration is a good candidate for this language, to differentiate conveniences (to the administrator and the rest of the network) from critical security properties (to SecureDrop). @eloquence, would you like me to take a stab at this as a demonstration? |
|
That makes sense to me, I defer to Kev on relative prioritization :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Certain pages in our documentation, like https://docs.securedrop.org/en/stable/minimum_security_requirements.html, currently do not make it clear whether a requirement must be followed for a SecureDrop installation, or whether it is a recommendation. It would be good to use RFC 2119 language here, and tie these requirements more explicitly to, e.g., SD support and directory inclusion.
The text was updated successfully, but these errors were encountered: