Fix Simple Chinese translation for security && governance page #2228
base: main
Remark: this needs WG-security-response to approve. Like #1996 (a previous attempt at translating this to zh-CN), I can offer to review if WG-security-response is on board with that.
Like @cuviper said in #1996 (comment), we may also want to explicitly add a disclaimer that the English version is the only authoritative version.
Maybe we should add a note to temper expectations? Something like, "This policy translation is provided for convenience only -- the official policy is in English here (link)."
@jieyouxu I'm happy to trust your approvals of Chinese translations!
@jieyouxu Screenshot of https://rust-lang.org/zh-CN/policies/security
jieyouxu
left a comment
Thanks for the translation. Looks accurate for the most part, I left only a few nits.
| </ul> | ||
| <p>报告漏洞时,请记住:</p> | ||
| <ul> | ||
| <li>除非另有说明,Rust 工具链的所有组件(rustc、Cargo、rust-analyzer 或通过 rustup 提供的任何其他工具)假定用户的源代码和依赖项是完全可信的、经过审查且不包含恶意代码。我们不认为因编译或分析恶意项目或依赖项而导致的攻击是安全漏洞。</li> |
Nit:
| <li>除非另有说明,Rust 工具链的所有组件(rustc、Cargo、rust-analyzer 或通过 rustup 提供的任何其他工具)假定用户的源代码和依赖项是完全可信的、经过审查且不包含恶意代码。我们不认为因编译或分析恶意项目或依赖项而导致的攻击是安全漏洞。</li> | |
| <li>除非另有说明,Rust 工具链的所有组件(rustc、Cargo、rust-analyzer 或通过 rustup 提供的任何其他工具)假定用户的源代码和依赖项是完全可信的、经过审查且不包含恶意代码。因编译或分析恶意项目或依赖项而导致的攻击不属于我们考虑范围内的安全漏洞。</li> |
英文原文是
The original English text is
We do not consider attacks caused by compiling or analyzing malicious projects or dependencies a security vulnerability.
目前这句话翻译后
Currently, it's translated as
我们不认为因编译或分析恶意项目或依赖项而导致的攻击是安全漏洞。
意思更像是
Its meaning (to me) is closer to
We do not think attacks caused by compiling or analyzing malicious projects or dependencies are security vulnerabilities.
但是这含义感觉不太准确,因为这种确实是广义上的安全漏洞,但是不属于我们考虑的威胁模型范围内。也就是说,不是我们考虑的范围内。所以,感觉上更贴近的版本是
But the meaning doesn't seem quite accurate, since this is, in the general sense, some kind of security vulnerability, but it's not a security vulnerability with respect to our threat model. So, a version that feels closer might be
因编译或分析恶意项目或依赖项而导致的攻击不属于我们考虑范围内的安全漏洞。
(Attacks caused by compiling or analyzing malicious projects or dependencies are not considered a security vulnerability with respect to our scope.)
| <li>收到安全报告后,将其分配给一位主要处理人。此人将协调修复和发布过程。</li> | ||
| <li>确认问题并确定所有受影响的版本,并邀请相关 Rust 团队的领域专家参与。</li> | ||
| <li>审核代码以发现任何潜在的类似问题。</li> | ||
| <li>为所有受支持的发布分支准备修复程序,并保留 CVE 编号。这些修复程序不会提交到公共仓库,而是保存在私有仓库中,等待公告发布。这些修复程序会使用与公共更改相同的审查流程进行私下审查。</li> |
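Review bot: in the fourth `<li>`, "保留 CVE 编号" is ambiguous, because 保留 reads most naturally as keeping a number that already exists rather than reserving a new one ahead of disclosure. If this step reserves a CVE ID while the fix is still private, "预留 CVE 编号" or "申请 CVE 编号" says that directly.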
Nit:
感觉“修补程序”不太准确,因为一般中文语境中“程序”是独立的一个东西,但是一般这些修改都是已有程序和库的更改。可能直接称为“补丁”反而更准确 🤔
Feels like "fix program" isn't quite accurate, because "程序" (program) in Mandarin context is typically a standalone entity, whereas these fixes tend to be modifications on top of existing applications and libraries. Calling them "补丁" (patches) might actually be more accurate.
| <li>为所有受支持的发布分支准备修复程序,并保留 CVE 编号。这些修复程序不会提交到公共仓库,而是保存在私有仓库中,等待公告发布。这些修复程序会使用与公共更改相同的审查流程进行私下审查。</li> | |
| <li>为所有受支持的发布分支准备补丁,并保留 CVE 编号。这些补丁不会提交到公共仓库,而是保存在私有仓库中,等待公告发布。这些补丁会使用与公共更改相同的审查流程进行私下审查。</li> |
或者“修复改动”也不是不行。
Or "reparatory changes" (i.e. fixes) works too.
| <li>在封禁日期,公告的副本会发送到 <a href="{ -rustlang-security-announcements-google-groups-forum-href }">Rust 安全邮件列表</a> 并发布在 Rust 博客上。这些更改会推送到公共仓库,并启动发布流程。在一小时内,CVE 数据库中会发布完整的详细信息。</li> | ||
| </ol> |
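Review bot: in the last `<li>`, "在一小时内" has no reference point, so a reader cannot tell which event the hour is counted from; name the event it follows, matching the English source. In the same item, "这些更改" should use the same noun that the earlier step uses for the privately held fixes, so it is clear those are what gets pushed to the public repository. The `{ -rustlang-security-announcements-google-groups-forum-href }` term reference should stay identical to the one in the English file.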
Nit:
| <li>在封禁日期,公告的副本会发送到 <a href="{ -rustlang-security-announcements-google-groups-forum-href }">Rust 安全邮件列表</a> 并发布在 Rust 博客上。这些更改会推送到公共仓库,并启动发布流程。在一小时内,CVE 数据库中会发布完整的详细信息。</li> | |
| </ol> | |
| <li>过封锁期后,公告的副本会发送到 <a href="{ -rustlang-security-announcements-google-groups-forum-href }">Rust 安全邮件列表</a> 并发布在 Rust 博客上。这些更改会推送到公共仓库,并启动发布流程。在一小时内,CVE 数据库中会发布完整的详细信息。</li> | |
| </ol> |
“在封禁日期”不准确,因为这个日期恰恰是解禁日期,即
"On the day of embargo" isn't quite accurate, because that date is the date when the embargo is lifted, i.e. previously embargoed -> now lifted. The original "after embargo duration" is more accurate. Alternatively, "on the day of lifting the embargo" works too.
| governance-team-launching-pad-description = 团队的临时家园 | ||
| governance-team-leadership-council-name = 领导委员会 | ||
| governance-team-leadership-council-description = 负责整个 Rust 项目的成功,由顶级团队的代表组成 |
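Review bot: in `governance-team-leadership-council-description`, "顶级团队" reads as top-tier or elite teams; for teams that sit at the top of the governance hierarchy, "顶层团队" carries the structural sense. Suggest "由顶层团队的代表组成".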
Nit (style): missing trailing newline :D
| governance-team-leadership-council-name = 领导委员会 | ||
| governance-team-leadership-council-description = 负责整个 Rust 项目的成功,由顶级团队的代表组成 |
Nit:
| governance-team-leadership-council-name = 领导委员会 | |
| governance-team-leadership-council-description = 负责整个 Rust 项目的成功,由顶级团队的代表组成 | |
| governance-team-leadership-council-name = 领导议会 | |
| governance-team-leadership-council-description = 负责整个 Rust 项目的成功,由顶级团队的代表组成 |
感觉上“Leadership Council”翻译成“领导议会”可能更准确。起码我会把“council”翻译成“议会”、把“committee”翻译成委员会。例如 C++ Standards Committee 就是“C++ 标准委员会”。
Feels like "Leadership Council" is a more accurate translation. [.. my translation mapping in the general case: council -> 议会, committee -> 委员会]. For instance, "C++ Standards Committee" is translated into "C++ 标准委员会".
| governance-team-launching-pad-name = 启动平台 | ||
| governance-team-launching-pad-description = 团队的临时家园 |
Suggestion:
| governance-team-launching-pad-name = 启动平台 | |
| governance-team-launching-pad-description = 团队的临时家园 | |
| governance-team-launching-pad-name = Launching pad | |
| governance-team-launching-pad-description = 团队的临时家园 |
感觉这个不翻译更好,这个顶层团队属于“其他没有更合适的顶层团队的团队的家”。
Feels more accurate to not translate it; this top-level team is more like a "home for teams that don't have better parent top-level teams".
No description provided.