Refactor project-coordinates: security_model_link and AI-friendly sources#69
Conversation
…rces Rename the "link" field to "security_model_link" and add a "security_model_source" field that points at an AI-friendly plain-text (raw GitHub) version of the security page. The source is not rendered on the site; it is there for external tooling. - Add project-coordinates.schema.json (JSON Schema; the six core fields are required) and reference it from the data file via a "$schema" key. The page generator now skips "$"-prefixed meta keys. - Normalize every entry to carry the six core fields (null when absent); default the one missing contact to security@apache.org. - Fill security_model_source from raw.githubusercontent.com for GitHub-hosted security pages. - Normalize GitHub SECURITY.md entries to the canonical /security/policy human link, with the raw SECURITY.md as the source. - Regenerate the affected overview and project pages. Assisted-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
raboof
left a comment
There was a problem hiding this comment.
seems reasonable to me.
starting to feel like we'd want to leave out fields that match 'the default' in project-coordinates.json
|
Question: Is that work coordinated with .asf.yaml changes ? https://github.com/apache/infrastructure-asfyaml/pull/105/changes |
|
Cool, I didn't know apache/infrastructure-asfyaml#105 was merged! I believe this answers the question about coordination. 😆 In the long run the plan is obviously to use ATR to download the missing data, but currently there is still a granularity problem: |
|
I can test if project data is synced to ATR, after apache/commons-imaging#555 is merged. |
Renames the
linkfield inscripts/project-coordinates.jsontosecurity_model_link, and adds asecurity_model_sourcefield pointing at an AI-friendly plain-text (raw GitHub) version of each security page. The source is not rendered on the site; it is there for external tooling that prefers text over HTML.Changes
scripts/project-coordinates.schema.json(JSON Schema; the six core fields are required) and reference it from the data file via a$schemakey. The page generator and the DOAP cross-check now skip$-prefixed meta keys.contacttosecurity@apache.org.security_model_sourcefromraw.githubusercontent.comfor GitHub-hosted security pages.SECURITY.mdentries to the canonical/security/policyhuman link, with the rawSECURITY.mdas the source. Entries pointing at other files (THREAT_MODEL.md, *.adoc, deep paths) keep their blob link+source.Verification
py_compileclean; the generator was re-run to produce the page changes.🤖 Generated with Claude Code