Add Playbooks README.md #79
Corrected the CRA Playbook README. Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
Added an executive summary and clarified roles of Open Source Stewards under the CRA. Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
| @@ -0,0 +1,49 @@ | |||
| # LF CRA Playbook # | |||
|
|
|||
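Review bot: The title on line 1, `# LF CRA Playbook #`, relies on two unexpanded abbreviations. As this is the first thing a reader sees, consider spelling out "Linux Foundation" and "Cyber Resilience Act" either in the heading or in a sentence directly beneath it.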
I feel like maybe a one-sentence intro like "This document relates to how LF projects need to do to respond to the European Cyber Resilience Act (CRA)." ... but maybe I'm just over-thinking it.
I was not deeply involved in the drafting of this (unfortunately), so I can only judge based on this draft here. Please ignore or correct me if I am going off track:
I think you have a point, but I would not limit it to projects by only calling out projects specifically. It is a valid statement that this is a playbook describing how all actors related to Linux Foundation projects respond to the Cyber Resilience Act: projects (contributors), manufacturers (downstream users), and stewards (the Linux Foundation and OpenSSF).
Again, just my 2 cents.
Co-authored-by: Daniel Appelquist <dan@torgo.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
Couldn't resist fixing some of those spelling errors. Two additional comments.
|
|
||
| Take free course [Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)](https://training.linuxfoundation.org/express-learning/understanding-the-eu-cyber-resilience-act-cra-lfel1001/) to learn more. | ||
|
|
||
| ## Executive Summary ## |
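Review bot: The course pointer just above the `## Executive Summary ##` heading reads "Take free course [...] to learn more", which drops the article. Suggest "Take the free course [Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)](...) to learn more." with the link left as it is.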
My feeling when reading this: This section already goes into some detail regarding the role of Stewards. In addition, there is a very short section on Stewards further below. So, from a structure perspective, how about moving the heading "Steward" to right after the first paragraph and also moving the text from below up here?
Co-authored-by: Georg Kunz <georg.kunz@ericsson.com> Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
Corrected the CRA Playbook README.