Skip to content

Commit

Permalink
Mandate a 'Security Considerations' section on MSCs
Browse files Browse the repository at this point in the history
And link to lists of possible problems to think about.
This is part of an effort to improve the overal security
of Matrix during the design process.
  • Loading branch information
kegsay committed Sep 24, 2024
1 parent f633d30 commit 0be2dbe
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion MSC_CHECKLIST.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,9 @@ clarification of any of these points.
- [ ] Proposal text
- [ ] Potential issues
- [ ] Alternatives
- [ ] Security considerations
- [ ] Dependencies
- [ ] Stable identifiers are used throughout the proposal, except for the unstable prefix section
- [ ] Unstable prefixes [consider](README.md#unstable-prefixes) the awkward accepted-but-not-merged state
- [ ] Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
- [ ] Changes have applicable [Sign Off](CONTRIBUTING.md#sign-off) from all authors/editors/contributors
- [ ] There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See [RFC3552](https://datatracker.ietf.org/doc/html/rfc3552) for things to think about, but in particular pay attention to the [OWASP Top Ten](https://owasp.org/www-project-top-ten/).

0 comments on commit 0be2dbe

Please sign in to comment.