Skip to content

2024-04-25.md

Latest commit

 

History

History
76 lines (51 loc) · 3.21 KB

2024-04-25.md

File metadata and controls

76 lines (51 loc) · 3.21 KB

Node.js Security team Meeting 2024-04-25

Links

Present

  • Thomas GENTILHOMME (@fraxken)
  • Michael Dawson (@mhdawson)
  • Rafael Gonzaga (@RafaelGSS)
  • Ulises Gascon (@UlisesGascon)
  • Robert - Microsoft
  • Lee Holmes - Microsoft
  • Carlos Espa

Agenda

Announcements

*Extracted from security-wg-agenda labelled issues and pull requests from the nodejs org prior to the meeting.

nodejs/node

  • Remove --experimental-policy #52575

    • Have been receiving lots of reports
    • Don’t have anybody who can maintain/keep up with the reports
    • Are starting down the path to remove the feature as its experimental
    • Lee Holmes, gave us an overview of why integrity is important.
    • Rafael, seems like main part is file integrity is the important part

  • tools: change inactive limit to 9 months #52459

nodejs/security-wg

  • Collaborators Inactivity Policy Review #1282

    • Added to potential initiatives list

  • Can we have "unsecure" features in Node.js? #1274

    • General consensus that we should not have it. Answered in the issue asking aduh95 to join us to discuss further

  • Discuss adding --security-revert to NODE_OPTIONS #1262

    • Michael gave overview and we had some discussion

  • Initiative for CII-Best-Practices for Nodejs Projects #953

    • Requested team review on #1185
    • Waiting for ownership transfer: #953 (comment)
    • We can reply “No” to the pending questions in gold and merge the PR: #956 ?
    • Remove from the agenda for now?

  • Node.js Security Initiatives 2024 #1255

-- end of the meeting --

Q&A, Other

Upcoming Meetings

Click +GoogleCalendar at the bottom right to add to your own Google calendar.