Comments (20)
I acknowledge.
from security-wg.
ACK
from security-wg.
from security-wg.
I acknowledge.
from security-wg.
ack
expectations of upcoming releases
That's somewhat unspecific. What does it mean?
from security-wg.
I acknowledge
from security-wg.
I acknowledge.
from security-wg.
from security-wg.
I acknowledge.
from security-wg.
I acknowledge.
from security-wg.
I acknowledge.
from security-wg.
I acknowledge.
from security-wg.
I acknowledge.
from security-wg.
ack
from security-wg.
I acknowledge as being an org owner. I do not have access to node-private.
from security-wg.
ack
from security-wg.
ack but I'd really like this wording to be amended to explicitly include the option to include outsiders as long as the private security group agrees (in practice it'd be -- "I'd like to share with X, does anyone disagree?"). I can't say enough how hard it can be to get proper feedback on many security problems, their fixes and the handling process. There have been instances where having external help in reviewing or getting expert feedback has been essential. The security group is too small and not engaged enough right now and this restriction is just going to make it more difficult for the person trying to address a security concern and/or shepherding a fix out and will impact our ability to ensure quality fixes (we don't have a solid track record here, there are many instances of follow-up patches to our security fixes once the broader collaborator group gets to review).
from security-wg.
@rvagg sounds reasonable, if you could PR the additional wording you think would make sense that would be great.
from security-wg.
Ack
from security-wg.
I think this is good to close at this point.
from security-wg.