Tom Conner

Yes and it would be nice to allow main to be updated without deleting everything -- it could preserve an allowlist of versions and branches and delete everything not on...

The second statement mentioned is not present in version 1.2, and the first statement has been strengthened to say MUST NOT ratehr than do not.

Wow that's great. [This](https://ga4gh.github.io/data-security/draft-1.3/versions) should be a good start for the directory. We should still publish the 1.2 version to a versioned URL.

I manually published the 1.2 release as a copy of the unversioned root so now we have: | Version | Changes | | ----------------------------------------------------------------------------------- | ------------------------------ | | [1.0](https://github.com/ga4gh/data-security/blob/AAIv1.0/AAI/AAIConnectProfile.md) |...

The TES readme explicitly [says](https://github.com/ga4gh/task-execution-schemas?tab=readme-ov-file#tes-compliant-implementations) that each implementation is responsible for its own security. You've mentioned a number of good security controls and practices, but these are not specific to...

I agree that when a service functions properly in one environment but unexpectedly fails in another due to security controls, it represents a significant implementation issue. Services should clearly document...

We've done this work but not committed the PR.

I'll have a think about whether this is done or is part of other work we do. We can discuss whether to keep this a separate issue.

Need to complete [these documents](https://drive.google.com/drive/folders/1YUgbFTGMJZz_RVFldvgxRN-03SwwSSMw) to form a study group.

[GIF AMA Agenda](https://docs.google.com/document/d/1L8Jo1U0ckDrKCdxFHZqWRhvVGNuG_-nEHAAQWYuIC5I/edit?disco=AAABo8rgoco&usp_dm=true&tab=t.0)