I believe that this group has changed it's name to the "Ecosystem Security Working Group"... I think it would be prudent to change the name of the repo to reflect that./
I agree. I think we should get a consensus among WG members first and then rename the repo.
A few things to consider:
* The repo contains the vulnerability database any any effect that will have tools that use the database. In the past we provide a period of time before making a potentially breaking change like this
By default GitHub creates redirects and these should work in most cases.
@DanielRuf good point on the redirects.
If we're making this change then let's please bundle it with the move of the DB to the security-advisories repo too.
No objections, but should change after the DB has moved out of this repo, which is close to done.
On the call now with Sam, reviewing this issue and agreed on:
@DanielRuf maybe you'd fancy completing the work of moving the DB around to a new repo? I believe Vladimir already started this and it just needs finishing. @vdeturckheim ?
@DanielRuf maybe you'd fancy completing the work of moving the DB around to a new repo?
What are the exact steps that I have to do? =)
The DB is just https://github.com/nodejs/security-wg/tree/master/vuln or more?
@DanielRuf Yep that's the DB but as it seems with the discussion in the recent days going in Marcin's issue and on the Slack that we want to retire the DB entirely (https://github.com/nodejs/security-wg/issues/662#issuecomment-641132031) and so moving it out anyway doesn't make sense or worth the effort at this point.
Most helpful comment
If we're making this change then let's please bundle it with the move of the DB to the security-advisories repo too.