Improvement for k8s.io/docs/concepts/security/security-checklist/

[rafael-f]

The disabled property of the checkbox inputs on this page could be removed to make them interactible.

[k8s-ci-robot]

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[utkarsh-singh1]

I agree to the decision to make it more intractable, but I want to make let users understand more about this page and what it provides.

[utkarsh-singh1]

As the statement at the top of the docs says -

This checklist aims at providing a basic list of guidance with links to more comprehensive documentation on each topic. It does not claim to be exhaustive and is meant to evolve.

But checklist does not seem to work and some of the explanation to the checklist topics are present already with their links to the relative document.

[sftim]

/priority awaiting-more-evidence

Why do we want people to check these items? The original intend was that they wouldn't be able to.

[rafael-f]

If you can check the items you can more easily navigate away to study each of the topics then come back, check it, and move to the next one. Similarly to what online courses usually do.

When you see a checklist you expect to be able to check the items, otherwise it's just a bullet list.

If it's feared that users might confuse the list from a suggested list to a extensive list then renaming the page and removing the checkboxes could be a better way.

[utkarsh-singh1]

Why do we want people to check these items? The original intend was that they wouldn't be able to.

Well, means we can remove the checkbox as @rafael-f also stated.

[divya-mohan0209]

@rafael-f @utkarsh-singh1 : While I get the human need to tick off things, the checklist on the K8s website serves as guidance with links to more information, not as a list of things that SHOULD be done interactively since Kubernetes security isn't one-size fits all.

This is why we've a note on the page stating, "Checklists are not sufficient for attaining a good security posture on their own. A good security posture requires constant attention and improvement, but a checklist can be the first step on the never-ending journey towards security preparedness. Some of the recommendations in this checklist may be too restrictive or too lax for your specific security needs. Since Kubernetes security is not "one size fits all", each category of checklist items should be evaluated on its merits."

If there are technical errors or design flaws that you'd like to improve on this or any other page, we're happy to consider them. Please make sure you raise an issue with all relevant details.

Given that the lack of interactivity on the website is intentional, I'll be closing this as a non-issue.

/close