Horizontal reviews

[tobie]

The TSC is currently organizing how to do horizontal reviews for security, privacy, and accessibility.

This is something where the input of the AC is really important.

[tobie]

Should we split that up in three separate issues? LMK.

[LJWatson]

Suggest we keep them together for the moment. Once we have a basic process, it might be worth splitting them out to focus on the differences, but for now we should get the basics in place.

I've had to request access to the thing about horizontal review you linked to BTW.

[tobie]

I've had to request access to the thing about horizontal review you linked to BTW.

Tracking here: #9

[tobie]

I've had to request access to the thing about horizontal review you linked to BTW.

Tracking here: #9

OK, so that's been solved for the minutes of every meeting but this one.

[cramforce]

Meeting notes are published here https://github.com/ampproject/meta-tsc/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22TSC+Meeting%22+ (for now not including the first meeting, because there we hadn't decided to publish them yet)

[tobie]

I'm folding issue #8 into this one, as we've agreed during our 2019-01-29 call that both had similar enough process requirements to do so.

#8 is a request coming from the TSC to:

Make recommendation how to represent vertical concerns (publishing, e-commerce) in working groups.

There's two parts to this:

1. input for the roadmap, and
2. review of what's coming out of development (e.g. making sure that concerns of the different verticals are met or know to be out of scope when new features ship).

[tobie]

A good first step here would be to figure out what is already being done in terms of horizontal reviews.

What process have been set up, if any?

What WG are in charge of them?

Are there specific labels applied to those issues? Pull request / issue templates? Etc.

@sumodas, @levidurfee can you split-up the work between you and report here?

[tobie]

@sumodas: would love to assign you too 😈, but I can't until you accept to join the ampproject organization.

[levidurfee]

Thanks, @tobie ! I'll spend some time on this issue over the weekend :)

[tobie]

(Sorry for re-assigning you, @levidurfee. I wanted to add @sumodas, but he's not a member of the org yet. So there must be some weird UI-issue where that reset the assignees altogether.)

[levidurfee]

Security

It looks like LGTM is used to for security analysis. I didn't see any labels for security.

Privacy

I couldn't find anything in regards to how privacy is handled. I didn't see any labels for privacy.

Accessibility

There is a label for accessibility. Requiring all amp-modules be tested by lighthouse is brought up in issue #19281.

[tobie]

We discussed this issue on our last call, but don't have a lot of notes for it.

I think what we'd want to end-up with here, is state-of-the-art solution for making sure that these various horizontal and vertical concerns are formally brought up and addressed when new features are suggested (or important changes are made to existing ones).

This probably involves:

• some process changes,
• some related changes e.g. to pull request templates,
• additions to the responsibilities of certain WG,
• the creation of dedicated working groups for verticals (similar to W3C interest groups),
• etc.

Good examples that come to mind of horizontal reviews occur in Chromium during Intent to Implement and Intent to Ship phases (see for example the bug template which includes a list of horizontal teams that need to approve it).

W3C also has similar solutions with:

• TAG reviews,
• reviews by interest groups (which tend to represent industries, e.g.: automotive, mobile, TV, etc.),
• Accessibility reviews,
• etc.

I believe our deliverable should be an "opinion" for the TSC in the form of a problem statement (ideal, reality, consequence, proposal).

We should set some time on the agenda in London to move forward with this.

[tobie]

@sumodas can you join us by VC during the London F2F to discuss this? If so, could you please add this topic to one (or two?) agenda slots in #22? All times are London times.

[tobie]

Some updates to this issue in the London F2F minutes on the accessibility front in particular:

• reach out to TSC/Accessibility WG and ask for audit of existing components.
• reach out to TSC/Documentation WG to ask for related improvements to documentation.
• organize meeting with a11y WG. Either invite them to AC meeting or join one of their calls (@tobie).
• author review requirements for a11y. Share them with the TSC/a11y WG.
• reach out to TSC to ask for list of privacy/security requirements required to ship a new feature.

[tobie]

Additional updates from the London F2F on the verticals groups:

• Vertical groups could be AC, while horizontal review is clearly TSC.
• Goal is to be more inclusive
• The AC suggests W3C-inspired "interest groups."
• Open membership
• Conversations are public (or Chatham House Rule)?
• How do we create a group?
• Non-binding advisory role
• Similar creation requirements as working groups
• AC responsible? Still TBD

@tobie to:

• formalize proposal,
• get it approved by AC, and
• send it to TSC for consideration.