Hi @nodejs/security-wg
I would like to nominate Daniel Ruf (@DanielRuf) to join the Security WG and the Ecosystem Triage team specifically.
Daniel has been a long time activist around software security through meetups and conferences, his open source projects on the matter, and recent security disclosure impacting npm, yarn and pnpm. He is also participating in quite a few open source projects such as verdaccio and gatsby and has a good understanding of the JavaScript ecosystem.
I would also like to add, with regards to recent conversations about activity within the working group, that I have laid out the expectations with Daniel before opening this about being an active triager within the H1 program and this being the primary focus.
+1 for more triagers: :tada:
馃憤
Lgtm!
Hi, thanks for the nomination =)
Is there some update / news regarding this?
I think this somehow fell through the cracks. Let me circle back with the team to find an onboarding buddy.
We have +1's it's just that we didn't have any agenda meetings happening recently and we didn't bring this up to confirm, that's all.
Let's make sure we're on it in the upcoming one and if not I'll ping here again for confirmation so we don't delay. Daniel will be an amazing addition to the team and the vulnerabilities queue is only piling up :-)
The next meeting is on Monday, sounds like we should be able to get Daniel's onboarding moving soon?
Any news? =)
We've had a problem meeting for the last few weeks but I don't think we should wait any longer.
@nodejs/security-wg I think we should proceed with adding @DanielRuf to the WG and the ecosystem triage team without having to wait for the WG meeting to take place. What do you think?
Yes let's proceed with this please, my bad for dropping the ball on continuing here.
This has been open for a while already so I'd assume if anyone wanted to voice against they would've done so already.
If no one objects in the next couple of days let's make it official.
So this has been open for quite a bit and we've got nothing but support on Daniel joining so I'll ping him to run with all the necessary onboarding tasks and I'll buddy him over in terms of training.
@lirantal This would be amazing, thank you!
@DanielRuf Welcome!
I think we can close this issue now that @DanielRuf has been onboarded?
From my side everything is clear so far and I am already actively working on the HackerOne reports =)
Cool. Closing then.
Most helpful comment
Yes let's proceed with this please, my bad for dropping the ball on continuing here.
This has been open for a while already so I'd assume if anyone wanted to voice against they would've done so already.
If no one objects in the next couple of days let's make it official.