In light of the issue emerging today around the compromised event-stream module, I believe it is well past time for the Node.js project to explore ways of helping the ecosystem of module developers out there. I am proposing the formation of a new Community Stewardship Working Group under the Community Committee. The purpose of this working group would be to take over stewardship of ecosystem modules meeting a minimum threshold profile should the original maintainer(s) no longer find themselves capable of maintaining the module. As stewards of the module, the working group would not make development changes to the module or publish new versions, but would help review and facilitate the transfer of ownership of the module to new maintainers.
The minimum profile for a module to qualify would likely need to be based on the number of dependencies and downloads.
There are obviously many details that would need to be determined on this. If there is interest in pursuing this proposal, may I suggest the next step would be organizing a conference call to discuss.
/cc @mcollina @indutny @nodejs/security-wg
I think this is what https://github.com/nodejs/package-maintenance should be about.
cc @mhdawson.
Discovering package-maintenance. Great point!
IMO, we should close this. This is indeed what the package-maintenance thing is about. Like many good ideas, this one has been thought up by multiple people independently. I'm not on CommComm so I won't close it, but I think it should be closed before conversation fragments, and redirect the conversation/energy/activity to https://github.com/nodejs/package-maintenance where it can hopefully be harnessed.
+1 to move this conv to package-maintenance
I agree it should likely be discussed in the context of https://github.com/nodejs/package-maintenance but I'll let @jasnell comment since he was in the loop on that initiative already.
Yup, agreed that this should be focused into @nodejs/package-maintenance. Since we've not heard back from @jasnell in the last ~month, I'm going to go ahead and close this. James, if you feel like there's more discussion/scope outside of @nodejs/package-maintenance please feel free to re-open this ❤️