@jknabl-gitlab may you please assist with the review here, thanks.

@tachyons-gitlab may I please have your review on this one, thanks.

@eduardosanz it looks like rspec:undercoverage is a legit failure 😞

Ash McKenzie (159d382c) at 17 Mar 00:50

... and 1 more commit

Ash McKenzie (1099438b) at 17 Mar 00:50

What does this MR do and why?

I was wondering how often the replicas in Postgres.ai are updated / how stale the data can get. In #database and #postgres-ai-gitlab it was confirmed that the cadence is every 4 hours.

This MR documents it so it's easier for others to find in future.

References

Internal only:

• https://gitlab.slack.com/archives/C3NBYFJ6N/p1764798191886309
• https://gitlab.slack.com/archives/C01FR4QPNA2/p1764801296223149?thread_ts=1764800845.307599&cid=C01FR4QPNA2

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Ash McKenzie (4ad44b5e) at 17 Mar 00:49

What does this MR do and why?

I was wondering how often the replicas in Postgres.ai are updated / how stale the data can get. In #database and #postgres-ai-gitlab it was confirmed that the cadence is every 4 hours.

This MR documents it so it's easier for others to find in future.

References

Internal only:

• https://gitlab.slack.com/archives/C3NBYFJ6N/p1764798191886309
• https://gitlab.slack.com/archives/C01FR4QPNA2/p1764801296223149?thread_ts=1764800845.307599&cid=C01FR4QPNA2

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Ash McKenzie (d5a0ebc1) at 17 Mar 00:30

I just deployed these changes for preview at https://gitlab-com.gitlab.io/content-sites/handbook/mr18858/handbook/security/product-security/security-platforms-architecture/product-security-engineering/ and they look good 👍

Why is this change being made?

Since the SecCapEng page was developed with a shared "ways of working" (or operating model), we need to update our ProdSecEng handbook to align. The changes in this MR include (by page):

1. product-security-engineering/index.md
   1. Updated - Made language more concise, move all the "Operational Runbooks" to the detailed-workflow.md page
2. product-security-engineering/detailed-workflow.md
   1. Updated - Removed old "teams ways of working" based off what we now follow in the security-capabilities-engineering page, made language more concise
3. product-security-engineering/product-security-requirements.md
   1. Updated - Removed intake/co-create detail that is covered in Prodsec-to-product-workflow (and this will likely be further refined as that page gets updated)
   2. Focused this on detail that is not covered yet on that page - such as buy/build/wait and the details of the sunsetting process
4. product-security-engineering/milestone-planning.md
   1. Deleted - after reducing the detail to make it clear and concise, it was short enough to fold into the detailed-workflow.md file
5. security-interlock/prodsec-to-product-workflow/internal-co-create
   1. Deleted - as it isn't the process we are following now and is outdated; the parent page will be updated instead

Author and Reviewer Checklist

Please verify the check list and ensure to tick them off before the MR is merged.

• Provided a concise title for this Merge Request (MR)
• Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
  • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
• Assign reviewers for this MR to the correct
  • The when to get approval handbook section explains when DRI approval is required
  • The who can approve handbook section explains how to identify the DRI
  • If the MR does not require DRI approval, consider asking someone on your team, such as your manager.
  • The approver may merge the MR. If they approve but don't merge, you can merge.
• For transparency, share this MR with the audience that will be impacted.
  • Team: For changes that affect your direct team, share in your group Slack channel
  • Department: If the update affects your department, share the MR in your department Slack channel
  • Division: If the update affects your division, share the MR in your division Slack channel
  • Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR
    • For high-priority company-wide announcements work with the internal communications team to post the update in #company-fyi and align on a plan to circulate in additional channels like the "While You Were Iterating" Newsletter

Commits

• Made main handbook landing page more concise, moving operating model to child page

---

Right now - just a humble calendar reminder 😅 Is there a smarter way? I guess creating an issue with a due date?

An Issue work a due date that follows a template sounds like a great idea. Having action items that are tickable with the final item being to create a follow-up Issue with a new due date is a common pattern we've used in the past for TLS certs etc that could work here?

Unfortunately the MR created for this was empty? 🤷