Security-wg: Self-nomination

Created on 1 May 2020 · 11 Comments · Source: nodejs/security-wg

I would like to join back this working group and help triage issues on H1.
I'm unlikely to be able to participate in meetings however due to other commitments.

All 11 comments

+1 from me. @mcollina is a member of the Node.js TSC (just for the record here), as well as active in Node.js security issue triage and fix.

As for meetings, see #642 and related, meetings are pretty rare, and private sec issues are not discussed in them (to my memory, certainly not in public).

+1 as Matteo has been involved in many security incidents previously too.
@mcollina do you think you'll likely have time to go through the triage process for ecosystem libraries?

Is it necessary he take issues through the entire process, or could he participate more in the reaching out to the package maintainers, and working with them to get timely fixes? That's not full lifecycle (in terms of creating the JSON, etc.), but it would be helpful IMO. I'll let him weigh in on his specific interests.

Definitely any combination of that would be helpful. Triaging is a more time-consuming process which is why I was asking as I know Matteo is probably busy with other things. We'll take any help we can get :-)

@nodejs/security-wg -- what's the quorum on these? the existing triage team?

modified by a vote from the working group.

Bit vague. I'm not sure if we can get a quorum :-).

@ChALkeR @mhdawson @vdeturckheim @cjihrig @MarcinHoppe etc.

+1 from me.

Big +1 here.

I would like to put myself to service if a maintainer is not responding and in an advisory role in case there are some doubts. I probably do not have enough time to do the whole triaging :( - I would like to.

These days most of the triage is done by H1 staff, and our role is mostly in coordinating disclosure and patch releases with maintainers.

Also a huge 👍 from me for @mcollina to join the WG!

I think that is a quorum.

@mcollina PR yourself into the top-level README.md (add yourself to the team, then do ncu-team sync) and the vuln team, as described in https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md#members, to indicate acceptance of the policy.

Once that merges, I'll add you to H1.
