Initial cut at a "developer landing page"

[david-a-wheeler]

I'm sure I'm missing thing and much needs to be improved, but this is a first cut at creating a "landing page" for developers.

I tried to use the "best links available" but some resources don't have a helpful and easy "here's how to get started using this" page. So I did what I could, and this should spur on fixing that.

[david-a-wheeler]

This is an initial start at a "maintainer landing page" as mentioned in TAC issue 169. I'm sure more needs doing. I used the term "developer" instead of "maintainer" because many of our materials apply to software developers more generally, not just maintainers.

Comments are welcome!

[ctcpip]

looks great! 🙌

[ctcpip]

just a few lint fixes and good to go

/github/workspace/docs/developer.md:9:97 MD049/emphasis-style Emphasis style should be consistent [Expected: underscore; Actual: asterisk]
/github/workspace/docs/developer.md:15:222 MD049/emphasis-style Emphasis style should be consistent [Expected: underscore; Actual: asterisk]
/github/workspace/docs/developer.md:21:45 MD049/emphasis-style Emphasis style should be consistent [Expected: underscore; Actual: asterisk]

[ctcpip]

need to rebase this branch from main to fix the lint config

[ctcpip]

you just needed to rebase/merge from main to get the markdownlint file, the file was there in the correct place, but I guess this is fine too

[webchick]

Oh, wow! 🤩 Thank you so much for taking this on! I can already tell you that this one single page would've probably cut a good weekend and a half off my initial "What the heck does OpenSSF do?" inquiry. :) I also learned of a bunch more things I didn't even find my first go-around.

One thing to maybe think about here is the "call to action(s)" on this page. Right now, it's directing them to read the website to learn more about the OpenSSF. This is fine as a default, but something to think about might be "In an ideal world, how would you want them to more actively engage with you?" (Join the Slack/Mailing lists? Come to a town hall? Take a questionnaire/survey? etc.)

[david-a-wheeler]

@webchick - fair comment. Ask and ye shall receive. I added some text at the end that I hope responds to your comment. Thoughts?

[webchick]

Amazing! :D 🚢 it, as far as I'm concerned! Thanks so much for taking this on! :D

[david-a-wheeler]

During the WG meeting there was a discussion about adding "calendars/events". After further thinking about this, I strongly recommend we do NOT embed any calendars or events, and at most have a link to OpenSSF events and a link to OpenSSF calendars.

Many software developers are not looking for new meetings or events to add to their calendars. They also aren't looking for a list of resources that might be available in the future.

Instead, I think they are trying to get a job done, and they are looking for materials to help them get the job done. I think a "developer-focused" page needs to list only the materials we think they could use directly, like educational materials on how to develop secure software, guides relevant to tool developers, tools relevant to developers, that sort of thing. I think it's fine if at the bottom we tell them "how to get involved in the OpenSSF" - I think that kind of thing is common. But I think we need to focus on their needs, and simply provide a few links to other materials in case they're interested.

Thoughts?

[david-a-wheeler]

I've added more information, including a link to the OpenSSF public calendar.

I think we should NOT add any more about the OpenSSF on this page. This page is to help developers develop secure software, it's not to help developers join the OpenSSF. Of course, we do want some to join, and I think the links here will make that easy.

But the point of this page is to help developers, and I think focusing on its purpose will yield a better result.

Thoughts? Are we ready to merge?

[caabernathy]

The OpenSSF calendar can be overwhelming. If there was a way to filter the calendar somehow that would help.

Perhaps events can be promoted through Slack channels / mailing lists / social media. I do know developers who like to know what's happening that they should be paying attention to.

[david-a-wheeler]

@caabernathy -

The OpenSSF calendar can be overwhelming.

100% agree :-). In fact, that's why I think at most a link belongs on this developer landing page and nothing else. We should try to keep this page focused on the needs of busy developers, and then provide a few simple links in case they're interested in learning more.

If there was a way to filter the calendar somehow that would help.

That'd be great. I think It should be easily or automatically maintained once it's set up, and have a URL that we can just point people to from this and other pages.

SO: I suggest that a new issue be created about "making events easier to find". Once we resolve that, we'll add a hyperlink from this "developers" page to that location about resolves this other issue. I don't think we should hold up release of this initial developer landing page while working to resolve this separable challenge.

@caabernathy - Would you be willing to create this new issue & try to explain what's needed? Perhaps with a recommended solution? I'm guessing it could at least start in the best practices WG, but it doesn't need to be there.

Thanks!!

[david-a-wheeler]

I've linked to event information for those who are interested, but I've also tried to keep this "developer landing page" focused on what a busy developer wants to know ("what resources do you have for me?"). So I think I've resolved all outstanding issues, at least enough to merge it (there are always improvements one can make).

Anyone think this is ready for merge? If not, please explain what's wrong so we can fix it!

[webchick]

(For anyone else looking for a quick way to review the page contents, click here: https://github.com/ossf/wg-best-practices-os-developers/blob/initial_developer_landing_page/docs/developers.md)

There's just one small thing I found, which is that first link:

_by the [Open Source Security Foundation (OpenSSF)](https;//openssf.org)_

...has a semi-colon (;) not a colon (:) in the URL. 🙈

Additionally, you might want to add a one or two sentence blurb at the top for "what is the OpenSSF and why do I as a developer care" but not strictly necessary, since once that link is fixed they can click to learn more.

Anyway, apart from that, this text has only improved since the last time I reviewed it. Looks great to me, and I love your thinking through this from the developer's lens and what information will be most relevant to them. <3

The page covers:

• Pointer to free security training
• Pointers to various "quick start" guides
• Pointers to best practices and how to get your project to follow them
• Pointers to various tools/automations to help secure software
• List of ways to engage with OpenSSF for those who want to go further
• The topics are organized according to the resources they offer vs. the internal working group they're under 👍

Awesome work! :D

[david-a-wheeler]

Thanks everyone! I'm separately fixing the URL (semicolon should be colon).