Add security and privacy policies for extension development #378

Draft: wants to merge 5 commits into base: master from feature/security-privacy-policy

Conversation

martin-helmich (Member)
This PR adds a security and a privacy policy for marketplace extension development.

Still missing:

  • German translation
  • mittwald security team approval

@martin-helmich martin-helmich force-pushed the feature/security-privacy-policy branch from eb578e6 to db948db Compare January 14, 2025 15:07

When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes:

- User-generated data stored locally or remotely by the extension.
Member Author

The "remotely" part of this depends on whether we want to allow extensions to "eject" themselves (i.e. leave any managed resources that they created to be managed by the user themselves, when the extension is installed).

Contributor

This is a delicate topic. We still do not have a solution to enable contributors to "eject" their extension instance.
This is still a trade-off situation between the lifetime of access tokens and the possibility of cleaning up mStudio resources.

Member Author

Isn't "ejecting" the default right now? Since the access tokens are revoked before the ExtensionInstanceRemovedFromContext webhook is invoked, there's no possibility to clean up anything (at least, any mStudio resources), anyway.

When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes:

- User-generated data stored locally or remotely by the extension.
- Logs or backups created by the extension during its operation.
Member Author

Might be unfeasible in some cases (for example, most extensions will manage all instances in a single deployment unit, meaning that backups and logs will contain data from all instances). Maybe change the wording to something like "should be asserted that backups and logs are deleted eventually"...? 🤔
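The following is an added example, not code from the mittwald project or from this PR. It sketches how an extension that serves many extension instances from a single deployment unit could honour the quoted policy text: instance-scoped records are deleted as soon as the removal webhook arrives, while the shared logs and backups (which mix data from all instances and cannot be edited per instance) get a retention-bound tombstone that the backup rotation job checks, so that deletion can at least be asserted eventually. The webhook payload shape (the `kind` and `extensionInstanceId` fields), the `ExtensionStore` layout and the 30-day retention period are assumptions, not the real mStudio contract.

```python
# Added example, not code from the mittwald project or this PR. Payload field
# names, the store layout and the retention period are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed retention of the shared backups; after this long a backup is dropped.
BACKUP_RETENTION = timedelta(days=30)


@dataclass
class ExtensionStore:
    # instance_id -> instance-scoped rows (user-generated data)
    records: dict[str, list[dict]] = field(default_factory=dict)
    # instance_id -> deadline by which no backup may still contain its data
    tombstones: dict[str, datetime] = field(default_factory=dict)
    # shared backups: (created_at, ids of the instances whose data they contain)
    backups: list[tuple[datetime, set[str]]] = field(default_factory=list)


def handle_instance_removed(store: ExtensionStore, event: dict, now: datetime) -> dict:
    """Handle an ExtensionInstanceRemovedFromContext-style webhook (assumed shape).

    Idempotent on purpose: webhooks get retried, and a second delivery must not
    fail or resurrect anything. By this point the instance's access tokens are
    already revoked, so nothing in mStudio can be cleaned up from here; only the
    extension's own data is touched.
    """
    if event.get("kind") != "ExtensionInstanceRemovedFromContext":
        raise ValueError(f"unexpected event kind: {event.get('kind')!r}")
    instance_id = event["extensionInstanceId"]

    deleted = len(store.records.pop(instance_id, []))
    # Shared logs/backups cannot be edited per instance, so record a deadline:
    # once the retention window has passed, every backup taken while this
    # instance still existed has been rotated out. A retry keeps the earliest
    # deadline rather than pushing it back.
    deadline = now + BACKUP_RETENTION
    store.tombstones[instance_id] = min(deadline, store.tombstones.get(instance_id, deadline))
    return {
        "instance": instance_id,
        "records_deleted": deleted,
        "purge_deadline": store.tombstones[instance_id],
    }


def rotate_backups(store: ExtensionStore, now: datetime) -> list[str]:
    """Drop expired backups, then assert the eventual-deletion guarantee.

    Returns the ids of removed instances whose deadline has passed but whose
    data still sits in a surviving backup. An empty list means the guarantee
    holds; a non-empty list is an incident to investigate (for example a backup
    taken from a stale replica), not something to ignore.
    """
    store.backups = [
        (created, ids) for created, ids in store.backups if now - created < BACKUP_RETENTION
    ]
    overdue = sorted(
        instance_id
        for instance_id, deadline in store.tombstones.items()
        if now >= deadline and any(instance_id in ids for _, ids in store.backups)
    )
    # Tombstones whose deadline passed cleanly are done; overdue ones stay so
    # the next rotation flags them again until the offending backup is gone.
    for instance_id, deadline in list(store.tombstones.items()):
        if now >= deadline and instance_id not in overdue:
            del store.tombstones[instance_id]
    return overdue


if __name__ == "__main__":
    # Constructed sample data: two instances, one shared backup taken yesterday.
    t0 = datetime(2025, 1, 14, tzinfo=timezone.utc)
    store = ExtensionStore(
        records={"inst-a": [{"note": "hello"}, {"note": "world"}], "inst-b": [{"note": "keep"}]},
        backups=[(t0 - timedelta(days=1), {"inst-a", "inst-b"})],
    )
    event = {"kind": "ExtensionInstanceRemovedFromContext", "extensionInstanceId": "inst-a"}
    print(handle_instance_removed(store, event, t0))
    print("overdue after 1 day:", rotate_backups(store, t0 + timedelta(days=1)))
    print("overdue at deadline:", rotate_backups(store, t0 + timedelta(days=30)))
```

The design choice worth noting is that the handler never tries to scrub a shared backup in place; it only records a deadline, and `rotate_backups` turns "backups and logs are deleted eventually" into a checkable condition that fails loudly when a backup outlives the instance it contains.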

docs/contribution/35-guidelines/10-security.mdx (outdated, resolved)


Co-authored-by: freisenhauer <[email protected]>
Signed-off-by: Martin Helmich <[email protected]>