From 8b7bac8da832290653d135fdfd215b1c87b747f3 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Fri, 23 Jan 2026 16:53:01 +0000 Subject: [PATCH] Address review feedback Tweak the wording of the sections checkbox --- MSC_CHECKLIST.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/MSC_CHECKLIST.md b/MSC_CHECKLIST.md index 20f30d9e8..17a1ebfb4 100644 --- a/MSC_CHECKLIST.md +++ b/MSC_CHECKLIST.md @@ -23,22 +23,21 @@ clarification of any of these points. - [ ] Are the [endpoint conventions](https://spec.matrix.org/latest/appendices/#conventions-for-matrix-apis) honoured? - [ ] Do HTTP endpoints `use_underscores_like_this`? - [ ] Will the endpoint return unbounded data? If so, has pagination been considered? - - [ ] If the endpoint utilises pagination, is it consistent with [the appendices](https://spec.matrix.org/latest/appendices/#pagination)? + - [ ] If the endpoint utilises pagination, is it consistent with [the appendices](https://spec.matrix.org/latest/appendices/#pagination)? - [ ] Will the MSC require a new room version, and if so, has that been made clear? - [ ] Is the reason for a new room version clearly stated? For example, modifying the set of redacted fields changes how event IDs are calculated, thus requiring a new room version. - [ ] Are backwards-compatibility concerns appropriately addressed? - [ ] An introduction exists and clearly outlines the problem being solved. Ideally, the first paragraph should be understandable by a non-technical audience. - [ ] All outstanding threads are resolved - [ ] All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative -- [ ] While the exact sections do not need to be present, the details implied by the proposal template are covered. Namely: - - Introduction - - Proposal text - - Potential issues - - Alternatives - - Security considerations - - Unstable prefix - - Dependencies -- [ ] The "Security considerations" section **must** be present, even if it's just "None". See [RFC3552](https://datatracker.ietf.org/doc/html/rfc3552) for things to think about, but in particular pay attention to the [OWASP Top Ten](https://owasp.org/www-project-top-ten/). +- [ ] There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See [RFC3552](https://datatracker.ietf.org/doc/html/rfc3552) for things to think about, but in particular pay attention to the [OWASP Top Ten](https://owasp.org/www-project-top-ten/). +- [ ] The other section headings in the template are optional, but even if they are omitted, the relevant details should still be considered somewhere in the text of the proposal. Those section headings are: + - [ ] Introduction + - [ ] Proposal text + - [ ] Potential issues + - [ ] Alternatives + - [ ] Unstable prefix + - [ ] Dependencies - [ ] Stable identifiers are used throughout the proposal, except for the unstable prefix section - [ ] Unstable prefixes [consider](https://github.com/matrix-org/matrix-spec-proposals/blob/main/README.md#unstable-prefixes) the awkward accepted-but-not-merged state - [ ] Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).