-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: added meeting minutes 2023-05-11 (#983)
* docs: added meeting minutes 2023-05-11 related nodejs/security-wg#977 * Update meetings/2023-05-11.md Co-authored-by: Tobias Nießen <[email protected]> --------- Co-authored-by: Tobias Nießen <[email protected]>
- Loading branch information
1 parent
82882b9
commit 730e87c
Showing
1 changed file
with
65 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| # Node.js Security WorkGroup Meeting 2023-05-11 | ||
|
|
||
| ## Links | ||
|
|
||
| * **Recording**: https://www.youtube.com/watch?v=xtbjcbMjAvQ | ||
| * **GitHub Issue**: https://github.com/nodejs/security-wg/issues/977 | ||
| * **Minutes Google Doc**: https://docs.google.com/document/d/19rq7F__F3qSdW8v3CeACJ6LpWHLlnWZsTgJWVWUwltI/edit | ||
|
|
||
| ## Present | ||
|
|
||
| * Security wg team: @nodejs/security-wg | ||
| * Marco Ippolito @marco-ippolito | ||
| * Thomas GENTILHOMME @fraxken | ||
| * Ulises Gascon: @ulisesGascon | ||
|
|
||
| ## Agenda | ||
|
|
||
| ## Announcements | ||
|
|
||
| *Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting. | ||
|
|
||
| - [ ] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues | ||
| - Waiting for OpenSSL release | ||
| - [ ] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+ | ||
| https://github.com/nodejs/security-wg/pull/981 | ||
| - No big changes. Just some organic changes for Undici | ||
|
|
||
| ### nodejs/security-wg | ||
|
|
||
| * Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953) | ||
| * Ulises: will merge and resolve the discussions for Entry-level PR: https://github.com/nodejs/security-wg/pull/954 | ||
| * Ulises will ask for permissions to push the changes to the OpenSSF project site | ||
| * We can start the discussion for silver-level in PR: https://github.com/nodejs/security-wg/pull/955 | ||
| * We have discussed if we can extend this to Undici as well | ||
| * Improve Node.js Scorecard [#929](https://github.com/nodejs/security-wg/issues/929) | ||
| * Ulises will update the report and remove it from the agenda | ||
| * Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898) | ||
| * Marco started to work in the path resolver in c++ | ||
| * Improve SecurityWG Scorecard [#884](https://github.com/nodejs/security-wg/issues/884) | ||
| * Ulises will update the report and remove it from the agenda | ||
| * We need to check how to get access to the security tab in Github for the Security WG team members. Ulises will create an issue about it | ||
| * Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860) | ||
| * During the collaborators summit Rafael mentioned that there is room for the community to support this initiative with automations/tooling.. | ||
| * Ulises to discuss with Refael if we can create a task list/introduction in the next session so the community can pick pending actions and help us. | ||
| * Assessment against best practices (OpenSSF Scorecards ...) [#859](https://github.com/nodejs/security-wg/issues/859) | ||
| * It will be great to update the issue (as it is a reference) and update the pending actions and activities on going. | ||
| * Discussion about policy-integrity integration on Windows [#856](https://github.com/nodejs/security-wg/issues/856) | ||
| * No forum to discuss about it | ||
| * Automate updates of all dependencies [#828](https://github.com/nodejs/security-wg/issues/828) | ||
| * Marco has almost completed all the dependencies | ||
| * There is a discussion ongoing about this PR: https://github.com/nodejs/node/pull/47742. Your feedback is appreciated to unblock the discussion. | ||
| * Next step is to work in the regression so we can port the updated dependencies to the other Node.js versions available (16,18..). | ||
| * Marco will add more issues to the agenda for the next phase | ||
|
|
||
| ## Q&A, Other | ||
|
|
||
| * Congratulations to the Security WG from the collaborators summit, there is a very positive feedback for the job we made the last months. | ||
| * Security is going to be a key part in Node.js for the following years. | ||
|
|
||
| ## Upcoming Meetings | ||
|
|
||
| * **Node.js Project Calendar**: <https://nodejs.org/calendar> | ||
|
|
||
| Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. | ||
|
|