-
Notifications
You must be signed in to change notification settings - Fork 72
Season of Docs 2023 Organization Project Proposal
Update: April 30, 2023
Thank you everyone for your interest in the Sigstore organization's Google Season of Docs project! The hiring committee has made their decision and the technical writer who will be moving forward has been contacted by email. The team plans to announce soon. This was a difficult decision as there were over 130 applicants for only one role. If you have not received an email, you were not selected to join as the hired GSoD technical writer, and the hiring committee is unable to provide individualized feedback. We value all contributions to Sigstore and Sigstore docs. Thank you for being a part of the Sigstore community and working to make open source more secure!
Sigstore offers a new standard for signing, verifying and protecting software. Enabling developers to sign and validate software, Sigstore offers simple solutions through keyless signing and transparency logs so that security can be seamlessly integrated into the development process. Sigstore offers a suite of technologies that include Cosign for signing software artifacts, the Fulcio certificate authority, the Rekor transparency log, Gitsign for signing Git commits, and policy-controller to enforce policies on Kubernetes clusters based on verifiable supply-chain metadata. These tools can be used independently, or as one single process, for a holistic approach to open source security.
Since its founding in 2020, over 1,000 developers have contributed to Sigstore to date, and there have been over 16 million entries of software artifact signatures logged in the Rekor transparency log. Additionally, a number of package managers, including npm and PyPI, have committed to adopting Sigstore in order to build increased trust and transparency in their respective software ecosystems. Offering a wax seal of security in the digital era, Sigstore has become a popular addition to the developer toolkit.
Sigstore is a security tool that is being increasingly adopted by the developer community. Over the past few months, there have been a number of major improvements, including new versions of existing tools, and new tool development. While these developments have been exciting, our documentation site has not been equipped to keep up. As we are moving into more language communities, through the npm and PyPI adoption of Sigstore, it is crucial that our documentation is easy to understand by all developers, not just those with a background in security. We have already done an audit of the documentation, but can benefit from the perspective of those who are new to Sigstore to support the update and reorganization process.
The key objectives of this project are:
- Onboard to Sigstore while keeping a friction log.
- Update and test documentation against current versions of Sigstore tools.
- Review friction log to make recommendations, and get buy-in from community members on a documentation reorganization.
- Create user-friendly on-ramps to Sigstore.
The major documentation goals of this project are:
- Support the onboarding of new developer-users to Sigstore.
- Serve as reference material for experienced Sigstore developer-users.
- Expand documentation based on reorganization.
Work that is out-of-scope for this project:
- Long-term, Sigstore would benefit from processes to ensure that documentation does not go out of date, but building a process is beyond the scope of this project.
The project will be successful if the Sigstore docs are updated and effectively reorganized, thus enabling both new and experienced users to leverage Sigstore effectively. The following metrics will indicate that our project is a success:
- Decrease in user help-related messages on the Sigstore Slack due to outdated docs
- Decrease the amount of drifting-away contributors (based on Linux Foundation Insights)
- Monthly new unique visitor counts to documentation increase by at least 10%
- Monthly returning visitor counts to documentation increase by at least 10%
- At least 2 new contributors filing issues or making a pull request to Sigstore documentation
The project will take approximately six months to complete. After the technical writer is hired, we'll begin with orientation and onboarding (including asking the technical writer to keep a friction log). Once the technical writer is settled in, they will jump into updates, reorganizing, and expanding the Sigstore docs.
| Month | Action Items |
|---|---|
| May | Technical writer orientation, including software setup and onboarding with a friction log, begin updates |
| June | Complete all technical updates on current docs to ensure recent software changes are reflected in documentation |
| July | Review current organization against friction log, make recommendations for new organization, and socialize with the community |
| August | Implement reorganization with feedback from community, note any missing documentation |
| September | Complete reorganization by filling in with any missing documentation that completes the new organization |
| October | Test the updates and new organization, make any needed corrections |
| November | Project completion, case study, and evaluation |
| Budget item | Amount | Running Total | Notes/justifications |
|---|---|---|---|
| Technical writer | 15,000.00 | 15,000.00 | 20 hours a week, 26 weeks = $28.85 per hour |
Lisa Tagliaferri is the maintainer of Sigstore docs and will serve as a mentor and community liaison. The technical writer working with Sigstore docs will be part of a growing community of Sigstore contributors, and will benefit from the knowledge of the extended community. They will be invited to join Sigstore community calls twice a month.
If you would like to apply to be the technical writer working on Sigstore Docs through Google Season of Docs, please apply via the application link at https://links.sigstore.dev/GSoD.