Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README #1315

Merged
merged 1 commit into from
Aug 20, 2024
Merged

Update README #1315

merged 1 commit into from
Aug 20, 2024

Conversation

jamesmaa
Copy link
Collaborator

  • Introduce Microsoft Edge badge
  • Change all the badge styles to be larger
  • Remove OpenSSF Scorecard, kind of useless
  • Remove "Changes" section. We've made over 900+ commits to Yomitan now, I would consider it stable

Preview
image

@jamesmaa jamesmaa requested a review from a team as a code owner August 20, 2024 18:15
@jamesmaa jamesmaa enabled auto-merge August 20, 2024 18:35
@jamesmaa jamesmaa added this pull request to the merge queue Aug 20, 2024
Merged via the queue into yomidevs:master with commit e67f25a Aug 20, 2024
10 of 11 checks passed
@jamesmaa jamesmaa deleted the update-icons branch August 20, 2024 19:04
@Kuuuube Kuuuube added the area/documentation The issue or PR is about documentation label Aug 20, 2024
@djahandarie
Copy link
Collaborator

Is OpenSSF useless...? If the security of the repo degrades in some way (which is really trivial because it's so easy to make mistakes on GitHub due to its trash security UX), it could lead to something catastrophic like the the web store access keys being stolen and a malicious version of the extension getting pushed, followed by getting banned from the store.
It is important to have closed-loop control on security (aka having some sensor which someone is looking by at make sure things are okay instead of just hoping) so I recommend having this information highly visible somewhere.

@jamesmaa
Copy link
Collaborator Author

I agree security of the repo is really important. I'm not sure whether having a badge on the README is the right feedback loop to surface security issues. I haven't really looked at the OpenSSF badge and I doubt other people look at it either. If this is the only way to surface security issues in a timely manner, then I suppose we should put it back. But if there are other alternatives, maybe we can look at those.

It's low-cost UX cost to have it so ig I can put it back in the meantime while we pursue alternatives

@djahandarie
Copy link
Collaborator

Having a comment posted on PRs when the score decreases compared to master would be another nice feedback loop to have. Though I'm not sure if OpenSSF scorecard supports analyzing branches like that, it might only work on master. In which case it'd need to be a post-merge comment where it somehow finds the PR that caused the score drop in order to leave a comment there

@Kuuuube
Copy link
Member

Kuuuube commented Aug 20, 2024

https://securityscorecards.dev/#use-cases

"Scorecard can be included in the continuous integration/continuous deployment processes using the GitHub action and run by default on pull requests."

They say it's possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/documentation The issue or PR is about documentation
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants