Communication channel for public and private discussions for the WG

[lirantal]

@vdeturckheim and I have been changing some thoughts about the need for a more approachable communication channel for the team, and can potentially facilitate general open discussion by the community as well.

The problem today is that the internal (github) discussion system is not a friendly way of communication and carries with it a very "formal" atmosphere. Opening github issues is definitely easier but it is also quite an official approach. We find ourselves having some discussions through the Hacker1 platform but it's not ideal in terms of a "help channel", and you might not know who to mention, not everyone on the WG are also triage members, etc.

@vdeturckheim suggested slack where we can have private rooms for WG members, and public for general community discussions.

[vdeturckheim]

We could use it to welcome newcomers who wish to get advice on how to join the WG and learn to know them (in the past weeks a few people approched me with such questions).

Also, the ecosystem triage team could benefit from a place to interact with people who think about submitting reports an are not certain how to do it (right now, people are mostly pinging us through twitter DM).

[bl4de]

Absolutely something what you must have :)

[MarcinHoppe]

👍 for Slack. irc may also be an interesting open alternative.

[lirantal]

if we do IRC I get to drive by memory lane with bitchx + eggdrops on a remote shell ;)

[gergelyke]

I am happy to take this on! How about creating a slack org, with a public general channel where anyone can join and a private room where the triage team can discuss issues?

[ChALkeR]

Slack is not a secure mean of communication.
I am not aware of any viable secure alternatives, though, and we already trust hackerone, so whatever.

[lirantal]

@ChALkeR Slack may not be secure but we only need it for more streamlined communication channels. Even if we discuss some internal processes in the "private" channels we should definitely not be discussing there details of vulnerabilities - these should stay on the hackerone platform.

@gergelyke @vdeturckheim if there's no rejection on this, maybe we can start spinning this up and see how it goes, and discuss it further on the agenda meeting which is 3 weeks away. WDYT?

[gergelyke]

@lirantal 👍 I can go ahead and register an org - how does nodejs-security-wg sound?

[vdeturckheim]

lgtm

I don't know what is the current state of the art regarding public signup to slack tbh.

[gergelyke]

in the past, it worked great for me: https://github.com/rauchg/slackin

[vdeturckheim]

lgtm :D

[lirantal]

Let's go :)

[MarcinHoppe]

Where would this be announced for non-WG members of community to join?

[vdeturckheim]

REAMDE link should be good when ready

[lirantal]

Yep, we should push a badge there as well. I assume @gergelyke will do that.

[vdeturckheim]

I believe we can close as our Slack is up.

[MarcinHoppe]

👍 for closing.