adobe.com
Security Guidelines milo.adobe.com Documentation #2836
Replies: 2 comments 5 replies
-
|
@elaineskpt just to clarify, you're saying that everything just under the docs folder would be behind the VPN right? If we put all milo.adobe.com behind the vpn, then as I've understood it, that would break all our sites because the code gets served from milo.adobe.com/libs As for having the open source code on github, I personally think that's a good thing. My hope would be though that our main focus is keeping the open-source documentation updated vs internal documentation. |
Beta Was this translation helpful? Give feedback.
-
|
No production site should fetch from However, you bring up a great point that this does or at least historically did happen. We would need to ensure only |
Beta Was this translation helpful? Give feedback.
-
|
exactly , and even for the live sites. I thought we just have mapping on the cdn which makes adobe.com/libs points to milo.adobe.com/libs to save on the TLS handshake. But the code is coming from milo.adobe.com at the end of the day (I thought). @auniverseaway would know for sure though. |
Beta Was this translation helpful? Give feedback.
-
|
I checked our CDN configs and we fetch libs from the defined origin itself (the AEM EDS one) not milo.adobe.com. |
Beta Was this translation helpful? Give feedback.
-
|
ok , good to know 👍 and thanks for checking 🙌 |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I've closed the Jira related to this discussion for now, will open a new with the steps for implementation. I would like to follow up on the topic based on the last sync we had.
Questions: @mokimo @narcis-radu @vhargrave @overmyheadandbody @rgclayton @robert-bogos @npeltier |
Beta Was this translation helpful? Give feedback.
-
|
@elaineskpt It would be doable yes. After giving it some thought though, my personal opinion on the matter is that if we have an open source project, then as much documentation as possible should also be open source. Otherwise I don't see the point of us having gone public with it all anyway. I would personally prefer it if we could investigate a different type of approach where we have all the documentation living on milo.adobe.com, but have a way to hide certain content unless a user is signed in. This keeps as much documentation public as possible, but also allows for sensitive data to also be accessible in the same place. That's just my opinion though. If everyone else wants to lock down the whole site then you could create a ticket to do so. |
Beta Was this translation helpful? Give feedback.
-
Jira linked to this Thread https://jira.corp.adobe.com/browse/MWPW-157861
Based on the Security Guidelines, Documentation for Open Source Community should live in Git, where milo consumers have the flexibility to enhance and edit as needed.
The Documentation on milo.adobe.com is mainly for our Internal Author and Projects, having it open for the public will need changes in samples we add, links, groups, images and videos. This stop us from using the Milo Docs as one source and have the need to divide the information in internal wiki pages.
We met with Brian Scott from Security Guidelines for Adobe Open Source and Milo Core Team.
The output from the call is the following:
With this change extra wiki pages for non-public information will not be needed and we have one source for whole Authoring Docs.
Goal of these changes:
@narcis-radu @mokimo @overmyheadandbody @vhargrave @robert-bogos @npeltier
Beta Was this translation helpful? Give feedback.
All reactions