Hi Joel,
Thank you so much for your comments. As with those from Antonis, I'll let the TAC / Chris speak to many of them, but my thoughts on some of the items are below.
Thanks for sending this, I'm looking forward to trying the new portal and seeing its improvements.
Glad to do it! And me too.
- 3.2.1.9: 2FA - can I please request FIDO U2F support?
This is noted. As mentioned in my last email, ideally multiple forms of 2FA will be available.
- I wondered if prescribing that all work will be in alignment with open source best practices --- without defining these --- might provide a point of contention later, if a user doesn't like the way something is being done, and given the proposed public nature of the codebase. Given too that best practices tend to be dynamic and that it may require some additional work to bring the codebase into line with this requirement whenever a change is made, it might be worthwhile to soften this expectation slightly without undermining its intent.
I hear what you are saying here. Ultimately the notion of doing this work in the public causing contention due to disagreement about how things are done is the main reason why some members of our team (including me at times) have been hesitant to do work in the public in general. The truth is, though, that has to change – we value open source, and we hear the call from 44Net members for increased transparency into what we're doing. Making sure that this codebase is public is part of meeting those needs. I agree that it will likely come with some contention, and we must both expect it and take steps to work through it and keep our work productive.
My hope is that we'll have solid guidelines for engagement around our open code bases designed to minimize contention. As stated in the Rust code of conduct:
"Respect that people have differences of opinion and that every design or implementation choice carries a trade-off and numerous costs. There is seldom a right answer."
https://www.rust-lang.org/policies/code-of-conduct
We'll definitely need to employ this kind of philosophy in whatever work we are doing in the public. And like you say, it may be worth softening our expectation in order to be as productive as possible.
- Point 2.1.2.1 may have been intended to enumerate accessibility standards (there is a hanging colon).
There's just a hanging colon :) Thanks for pointing that out.
I may have missed or misunderstood some sections of the document, in which case I beg your pardon if my suggestions are addressed elsewhere in the document or otherwise moot.
I don't see any misunderstandings :)
The requirements document reads very well and it is clear much thought and work has gone into its production. My thanks to the team behind it who are obviously striving to make the Portal an improved experience for all.
Thanks to you for sharing your thoughts here!
All the best, Rosy