Incorporated feedback

dockstore · May 26, 2021 · 27c1934 · 27c1934
1 parent 15526cc
commit 27c1934
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/docs/advanced-topics/best-practices/best-practices-secure-fair-workflows.rst b/docs/advanced-topics/best-practices/best-practices-secure-fair-workflows.rst
@@ -78,7 +78,7 @@ Image / Container Best Practices
 	- Automate builds using an image registry that is configured to trigger a build whenever a change is pushed to the Dockerfile source control repository.
 	- Similar to our suggestion to publish your workflow under a GitHub organization, publish your images in an organization on a container registry. Additionally, this may make it easier for your institute to pay for a group plan to ensure your images never expire.
 
-- Limitation on and expiration of images: DockerHub has announced policies around pull limits as well as their intention to expire DockerHub images that haven't been pulled for some defined period of time (update: `this policy is delayed <https://www.docker.com/blog/docker-hub-image-retention-policy-delayed-and-subscription-updates/>`_). For example, this could mean that a workflow that hasn't been run in one month may no longer be reproducible if the image has been removed. 
+- Limitation on and expiration of images: DockerHub has announced policies around pull limits as well as their intention to expire DockerHub images that haven't been pulled for some defined period of time (At the time of writing this, Dockerhub has delayed `this policy <https://www.docker.com/blog/docker-hub-image-retention-policy-delayed-and-subscription-updates/>`_). For example, this could mean that a workflow that hasn't been run in some period of time may no longer be reproducible if the image has been removed. 
 
 - Alternative options include:
 	- Hosting the image on a different repository such as Google Container Repository, Quay.io, GitHub Packages, AWS ECR, etc.
@@ -236,7 +236,7 @@ Do not use untagged or “latest”.
 
 		- A full-sized sample is helpful for benchmarking your workflow and providing end-users with realistic compute and cost requirements. 
 
-- When writing your descriptor files, do not use remote imports (referencing software outside of the referenced container) or include scripts as input files. These practices decrease reusability and increases security risks. 
+- When writing your descriptor files, do not import remote descriptors using HTTP(s), nor use scripts outside of the container as input files. These practices decrease reusability and increase security risks. 
 - Provide a permissive license such as the `MIT License <https://choosealicense.com/licenses/mit/>`_, or `choose a license <https://choosealicense.com/>`_ that best fits your needs. It can be a text file in the git repository where the workflow is published (see `this example <https://github.com/nf-core/rnaseq/blob/master/LICENSE>`_). 
 
 - Provide a thorough README in the git repository. Here is an example of thorough documentation.