'Guidelines' or 'core tenets' of osquery (what tables belong in core, e.g.) no longer on site? #83

Open
arubdesu opened this issue Jun 1, 2018 · 3 comments

Comments

arubdesu commented Jun 1, 2018

As mentioned at querycon, something along the lines of what tables belong in core/what the core tenets of osquery are used to be in the older version of the site. Can we see where that was and why it was not taken along during the site rewrite?

arubdesu commented Jun 1, 2018

(Accreditation for the fact that this was in a previous repo/commit: @dallendoug)

@arubdesu arubdesu changed the title Core tenets of osquery (what tables belong in core) no longer on site? 'Guidelines' or 'core tenets' of osquery (what tables belong in core, e.g.) no longer on site? Jun 1, 2018

dallendoug commented Jun 1, 2018

I think it got wiped because it was in the FAQ, and that was going to be re-written. I remember several folks pointing me to this as a source of truth after online discussions.

It may be that it was never actually written up more formally than this, and people just thought it was -- but this part was referenced several times -- removed in https://github.com/facebook/osquery/pull/4084/files#diff-0a4712fc180eec4e9b2901734db431cc

was the FAQ that contained

"Does osquery expose private information?
-There are no explicit privilege escalation methods built into osquery. The osqueryi shell runs independently of the daemon. The results logged by the daemon will be private to the host unless a log aggregation approach is implemented by your enterprise.

-The osquery community respects developer and user privacy! We include a "non-goal" of exposing sensitive information like browsing history within tables. The osquery tools include 0 callback requests and 0 auto-updating, auto-diagnostic capabilities."

I think there was another reference outside the FAQ, but I haven't found it. The Wayback Machine doesn't have the old version of the "read the docs" site archived. I know that this is what I was originally directed to the first time I heard someone talking about it. It may be that this was all we had plus original contributors just "knowing what they were" -- but we need them re-codified.

@scottlundgren

@arubdesu thanks for submitting this. osquery/osquery#4474 tracks the idea of referencing those principles in osquery core docs as well.
