Security-wg: Change repo name?

Created on 5 Feb 2020  路  9Comments  路  Source: nodejs/security-wg

I believe that this group has changed it's name to the "Ecosystem Security Working Group"... I think it would be prudent to change the name of the repo to reflect that./

Most helpful comment

If we're making this change then let's please bundle it with the move of the DB to the security-advisories repo too.

All 9 comments

I agree. I think we should get a consensus among WG members first and then rename the repo.

A few things to consider:

  • The repo contains the vulnerability database any any effect that will have tools that use the database. In the past we provide a period of time before making a potentially breaking change like this
  • The vulnerability database also contains the core vulns: https://github.com/nodejs/security-wg/tree/master/vuln/core
* The repo contains the vulnerability database any any effect that will have tools that use the database.  In the past we provide a period of time before making a potentially breaking change like this

By default GitHub creates redirects and these should work in most cases.

@DanielRuf good point on the redirects.

If we're making this change then let's please bundle it with the move of the DB to the security-advisories repo too.

No objections, but should change after the DB has moved out of this repo, which is close to done.

On the call now with Sam, reviewing this issue and agreed on:

  1. Name change - are we all agreeing on the name? Ecosystem Security WG?
  2. Moving existing DB of vulns (both core and ecosystem) to security-advisories per planned

@DanielRuf maybe you'd fancy completing the work of moving the DB around to a new repo? I believe Vladimir already started this and it just needs finishing. @vdeturckheim ?

@DanielRuf maybe you'd fancy completing the work of moving the DB around to a new repo?

What are the exact steps that I have to do? =)
The DB is just https://github.com/nodejs/security-wg/tree/master/vuln or more?

@DanielRuf Yep that's the DB but as it seems with the discussion in the recent days going in Marcin's issue and on the Slack that we want to retire the DB entirely (https://github.com/nodejs/security-wg/issues/662#issuecomment-641132031) and so moving it out anyway doesn't make sense or worth the effort at this point.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

sam-github picture sam-github  路  5Comments

sam-github picture sam-github  路  7Comments

drifkin picture drifkin  路  7Comments

lirantal picture lirantal  路  7Comments

mhdawson picture mhdawson  路  4Comments