-
Notifications
You must be signed in to change notification settings - Fork 122
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: added meeting minutes for 2023-07-20 (#1056)
Co-authored-by: Rafael Gonzaga <[email protected]>
- Loading branch information
1 parent
dacd063
commit 0e8ac05
Showing
1 changed file
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| # Node.js Security team Meeting 2023-07-20 | ||
|
|
||
| ## Links | ||
|
|
||
| * **Recording**: https://www.youtube.com/watch?v=sZgy1FOco-g&ab_channel=node.js | ||
| * **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1052 | ||
| * **Minutes Google Doc**: https://docs.google.com/document/d/1Da5hwSH-SjagwA4ClbJvH3SkKeJ71A48zC9oMH0Yfuk/edit | ||
|
|
||
| ## Present | ||
|
|
||
| * Security wg team: @nodejs/security-wg | ||
| * Rafael Gonzaga: @RafaelGSS | ||
| * Michael Dawson: @mhdawson | ||
| * Ulises Gascon: @ulisesgascon | ||
|
|
||
| ## Agenda | ||
|
|
||
| ## Announcements | ||
|
|
||
| *Extracted from **security-wg-agenda** labeled issues and pull requests from the **nodejs org** prior to the meeting. | ||
|
|
||
| - [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues | ||
| * nvd API to database is currently broken, requests timeout. | ||
| * watching issue in the client use that is tracking progress | ||
|
|
||
| - [X] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+ | ||
| - Report details in https://github.com/nodejs/security-wg/pull/1055 | ||
| - Quick discussion/review in the meetings. | ||
| - There is a plan to add a new diff view to improve the comparison (potentially shipped for the next meeting). | ||
| - Michael led changes in `nodejs-addons-api` repository in order to increase the scoring. | ||
| - Ulises will follow up on the `-1` score results | ||
|
|
||
| ### nodejs/security-wg | ||
|
|
||
| * Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037) | ||
| * no updates | ||
|
|
||
|
|
||
| * Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953) | ||
| * We agreed to start working in the Gold standard | ||
| * Ulises will check offline the two missing questions and probably merge the PR | ||
| * Ulises will coordinate with Rod the update in the OpenSSF website and add a mention to this in the news related feed. | ||
| * Ulises will create a table to consolidate the reasons behind some technical decisions that we made, so other contributors are aware | ||
|
|
||
| * Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898) | ||
| * a lot of fixes came out with the last security release | ||
| * some private work going on | ||
|
|
||
| * Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860) | ||
| * Rafael did a lot of work for the last security release | ||
| * discussion around the funding for this task | ||
|
|
||
| * Assessment against best practices (OpenSSF Scorecards ...) [#859](https://github.com/nodejs/security-wg/issues/859) | ||
| * No news | ||
|
|
||
| ## Q&A, Other | ||
|
|
||
| ## Upcoming Meetings | ||
|
|
||
| * **Node.js Project Calendar**: <https://nodejs.org/calendar> | ||
|
|
||
| Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. | ||
|
|