Node.js Security WorkGroup Meeting 2023-06-08 #1012
Description
Time
UTC Thu 08-Jun-2023 14:00 (02:00 PM):
| Timezone | Date/Time |
|---|---|
| US / Pacific | Thu 08-Jun-2023 07:00 (07:00 AM) |
| US / Mountain | Thu 08-Jun-2023 08:00 (08:00 AM) |
| US / Central | Thu 08-Jun-2023 09:00 (09:00 AM) |
| US / Eastern | Thu 08-Jun-2023 10:00 (10:00 AM) |
| EU / Western | Thu 08-Jun-2023 15:00 (03:00 PM) |
| EU / Central | Thu 08-Jun-2023 16:00 (04:00 PM) |
| EU / Eastern | Thu 08-Jun-2023 17:00 (05:00 PM) |
| Moscow | Thu 08-Jun-2023 17:00 (05:00 PM) |
| Chennai | Thu 08-Jun-2023 19:30 (07:30 PM) |
| Hangzhou | Thu 08-Jun-2023 22:00 (10:00 PM) |
| Tokyo | Thu 08-Jun-2023 23:00 (11:00 PM) |
| Sydney | Fri 09-Jun-2023 00:00 (12:00 AM) |
Or in your local time:
- https://www.timeanddate.com/worldclock/fixedtime.html?msg=Node.js+Foundation+Security%20WorkGroup+Meeting+2023-06-08&iso=20230608T1400
- or https://www.wolframalpha.com/input/?i=02PM+UTC%2C+Jun+08%2C+2023+in+local+time
Links
- Minutes Google Doc: https://docs.google.com/document/d/1rtug7HnSLdTlCrdwMltQyh3vpQt9GWuGP1y2XRKA--Q/edit
Agenda
Extracted from security-wg-agenda labelled issues and pull requests from the nodejs org prior to the meeting.
nodejs/security-wg
- Issue for Security wg project related news? #1006
- Permission - Environment variables #993
- Requirement: It MUST be possible to configure the software so that smaller keylengths are completely disabled #988
- Requirement: Secure development knowledge #987
- Requirement: Publicly known medium-high vulnerabilities unpatched for +60 days #986
- Requirement: Static source code analysis daily or per commit #985
- Initiative for CII-Best-Practices for Nodejs Projects #953
- Permission Model - Roadmap #898
- Overlap with single-executable effort #879
- Update Charter / Readme.md #874
- Automate security release process #860
- Assessment against best practices (OpenSSF Scorecards ...) #859
- Discussion about policy-integrity integration on Windows #856
Invited
- Security wg team: @nodejs/security-wg
Observers/Guests
Notes
The agenda comes from issues labelled with security-wg-agenda across all of the repositories in the nodejs org. Please label any additional issues that should be on the agenda before the meeting starts.
Joining the meeting
- link for participants: <>
- For those who just want to watch We stream our conference call straight to YouTube so anyone can listen to it live, it should start playing at https://www.youtube.com/c/nodejs+foundation/live when we turn it on. There's usually a short cat-herding time at the start of the meeting and then occasionally we have some quick private business to attend to before we can start recording & streaming. So be patient and it should show up.
- youtube admin page: https://www.youtube.com/my_live_events?filter=scheduled
Metadata
Metadata
Assignees
Labels
No labels