| 27 Nov 2024 |
 crertel | I was asking for a plan, and the information you just gave me--which would've been helpful to have on a comment on that PR--is a big help. Thank you! | 01:42:05 |
| crertel | There's another philosophical question which is: would it be a good idea to put security right on the navbar? My personal bet is yes, because:
- there was a semi-high-profile kerfluffle earlier this year and not having an obvious single touchpoint seems to have hurt there.
- more generally (outside of internal NixOS stuff), one of the hugely useful things about using NixOS is supply chain integrity and other things of interest to security-conscious users.
| 01:45:33 |
 hexa |
there was a semi-high-profile kerfluffle earlier this year and not having an obvious single touchpoint seems to have hurt there.
Uh … what?
| 01:46:31 |
| hexa | I don't mind whether it is down there or up there, but the start page mentions security a bit too much | 01:47:15 |
| hexa | 
Download image.png | 01:47:18 |
| hexa | moving it up would improve the tab order | 01:47:36 |
| crertel | Sure, and we could probably stand to ditch a tab or two as well...it is a little busy. | 01:48:02 |
| crertel | (and again, I'm not wed to this, just kicking around an idea) | 01:48:19 |
 avocadoom | Hmmm, at some point we maybe should consider some kind of drop down menu for the main nav, otherwise this would clog up a lot | 01:49:01 |
| crertel | 
Download image.png | 01:49:27 |
| crertel | so that's what we have right now | 01:49:31 |
| avocadoom | Yup | 01:51:25 |
| crertel |
- download seems important since it's where you get nixos
- values seems important given the last year...after things settle down maybe it could be moved
- community...lots of important stuff there but it's all bunched together (and another PR I put out there to answer somebody's idea would split it into yet another tab, teams)
- blog refers to something that changes...maybe every couple of months?
- donate is important because money
- explore...is a whole thing and I'm not sure learn doesn't already encompass it
| 01:52:07 |
| crertel | and like, I know folks put effort into these pages at one time or another, so I don't want to just bulldoze that | 01:52:29 |
| crertel | but uh, there's some prime real estate that could probably use redevelopment | 01:52:42 |
| crertel | back to the security thing, my issues with the current team page are basically:
- it currently reads as "here's information about the security thing", instead of a more directly actionable "if you want to do x, go to y; if you want report z, email w"
- it currently suggests that private reports should go directly to humans (instead of an email alias), which has the obvious problems of "what happens if the human selected is slow to respond for whatever reason?", "what happens if the second person is slow to respond?", "what record exists outside of their email account that yes, indeed, somebody did report an issue?"
- having three different places to look for security is suboptimal--security tends not to be partition tolerant, and if I can't find what I need in the first two places why am I going to spend time on a third?
Of these, the easiest fix is the first--the second requires a bit more coordination and the third would be a big change over on the security team I think. So, I was just trying to pull on the first thread mainly.
| 01:59:28 |
