Node.js Security WorkGroup Meeting 2023-04-13
mhdawson opened this issue · 2 comments
mhdawson commented
Time
UTC Thu 13-Apr-2023 14:00 (02:00 PM):
Timezone | Date/Time |
---|---|
US / Pacific | Thu 13-Apr-2023 07:00 (07:00 AM) |
US / Mountain | Thu 13-Apr-2023 08:00 (08:00 AM) |
US / Central | Thu 13-Apr-2023 09:00 (09:00 AM) |
US / Eastern | Thu 13-Apr-2023 10:00 (10:00 AM) |
EU / Western | Thu 13-Apr-2023 15:00 (03:00 PM) |
EU / Central | Thu 13-Apr-2023 16:00 (04:00 PM) |
EU / Eastern | Thu 13-Apr-2023 17:00 (05:00 PM) |
Moscow | Thu 13-Apr-2023 17:00 (05:00 PM) |
Chennai | Thu 13-Apr-2023 19:30 (07:30 PM) |
Hangzhou | Thu 13-Apr-2023 22:00 (10:00 PM) |
Tokyo | Thu 13-Apr-2023 23:00 (11:00 PM) |
Sydney | Fri 14-Apr-2023 00:00 (12:00 AM) |
Or in your local time:
- https://www.timeanddate.com/worldclock/fixedtime.html?msg=Node.js+Foundation+Security%20WorkGroup+Meeting+2023-04-13&iso=20230413T1400
- or https://www.wolframalpha.com/input/?i=02PM+UTC%2C+Apr+13%2C+2023+in+local+time
Links
- Minutes Google Doc: https://docs.google.com/document/d/1mtutsPq1G3F_5Cc67nECYivExOsI1zXOpNMJhx7YS8k/edit
Agenda
Extracted from security-wg-agenda labelled issues and pull requests from the nodejs org prior to the meeting.
nodejs/security-wg
- Scorecard Review #937
- Improve Node.js Scorecard #929
- Workflows failing due repo config #908
- Permission Model - Roadmap #898
- Improve SecurityWG Scorecard #884
- Automate security release process #860
- Assessment against best practices (OpenSSF Scorecards ...) #859
- Discussion about policy-integrity integration on Windows #856
- Automate updates of all dependencies #828
nodejs/nodejs-dependency-vuln-assessments
- Recursive support on Node.js dependencies #89
Invited
- Security wg team: @nodejs/security-wg
Observers/Guests
Notes
The agenda comes from issues labelled with security-wg-agenda
across all of the repositories in the nodejs org. Please label any additional issues that should be on the agenda before the meeting starts.
Joining the meeting
- link for participants: <>
- For those who just want to watch We stream our conference call straight to YouTube so anyone can listen to it live, it should start playing at https://www.youtube.com/c/nodejs+foundation/live when we turn it on. There's usually a short cat-herding time at the start of the meeting and then occasionally we have some quick private business to attend to before we can start recording & streaming. So be patient and it should show up.
- youtube admin page: https://www.youtube.com/my_live_events?filter=scheduled
UlisesGascon commented
Here is the last version of the OpenSSF Scorecard Analysis: #946.
Nothing relevant in the three projects that we actively monitoring. The other projects had made a good progress!
RafaelGSS commented
I'd like to talk about openjs-foundation/summit#346 too