Conversation

@martin-helmich (Member)

This PR adds a security and a privacy policy for marketplace extension development.

Still missing:

  • German translation
  • mittwald security team approval

martin-helmich force-pushed the feature/security-privacy-policy branch from eb578e6 to db948db on January 14, 2025 15:07

When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes:

- User-generated data stored locally or remotely by the extension.
Member Author:

The "remotely" part of this depends on whether we want to allow extensions to "eject" themselves (i.e. leave any managed resources that they created to be managed by the user themselves, when the extension is installed).

Contributor:

This is a delicate topic. We still do not have a solution to enable contributors to "eject" their extension instance.
This is still a trade-off situation between lifetime of access tokens and possibility of cleaning up mStudio resources.

Member Author:

Isn't "ejecting" the default right now? Since the access tokens are revoked before the ExtensionInstanceRemovedFromContext webhook is invoked, there's no possibility to clean up anything (at least, any mStudio resources), anyway.

Contributor:

Yeah, wrong terminology. I meant we currently offer no way of cleaning up the mStudio resources created by the extension, but this topic possibly will get some traction shortly.

When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes:

- User-generated data stored locally or remotely by the extension.
- Logs or backups created by the extension during its operation.
Member Author:

Might be unfeasible in some cases (for example, most extensions will manage all instances in a single deployment unit, meaning that backups and logs will contain data from all instances). Maybe change the wording to something like "should be asserted that backups and logs are deleted eventually"...? 🤔

Co-authored-by: freisenhauer <mail@freisenhauer.de>
Signed-off-by: Martin Helmich <kontakt@martin-helmich.de>