Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: add minutes for meeting 28 January #140

Merged
merged 1 commit into from
Jan 30, 2019
Merged

doc: add minutes for meeting 28 January #140

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 92 additions & 0 deletions meetings/2019-01-28.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
# Node.js Foundation Package Maintenance Team Meeting 2019-01-28

## Links

* **Recording**: https://www.youtube.com/watch?v=CGFDY3NLcMA
* **GitHub Issue**: https://github.com/nodejs/package-maintenance/issues/137

## Present

* Michael Dawson (@mhdawson)
* Tierney Cyren (@bnb)
* Lance Ball (@lance)
* Gentian Elmazi(@gentios)
* Joel Chen (@jchip)
* Matteo Collina (@mcollina)
* Keith Holliday (@thehollidayinn)

## Agenda

## Announcements

*Extracted from **package-maintenance-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.

### nodejs/package-maintenance

* Engaging Enterprise teams to better understand challenges at scale [#138](https://github.com/nodejs/package-maintenance/issues/138)
* Tierney, Ahmad was working on tool over the weekend.
* Michael , this should our 4th area of focus as we jump in.
* Lance -> Red Hat this is important to us as well so will get involved in this effort
* Michael since those who opened issue/are interested in participating are
not in today’s meeting let’s skip for this time and collaborate through github
and leave on agenda for next time.

* Discussion: Baseline practices - brainstorm initial list [#119](https://github.com/nodejs/package-maintenance/issues/119)
* Next step is a summary/structure of the practices we want to put
in place to be captured.
* Michael gave overview of baseline practice for capturing support
Information in package.json.
* From discussion sounds like the naming is a bit confusing
* Matteo expressed that it would be better if it was a strict ordered list,
Michael is not sure if that will work as it may be more like licences
where there are “different” but not necessarily better or worse
levels.
* We need to continue to refine through comments/updates to the
PR.

* Which Problems Node.js OSS maintainers/authors face today? [#113](https://github.com/nodejs/package-maintenance/issues/113)
* Matteo took action to generate a summary from the discussion
so far and to create a list of package maintainers (as discussed
in last meeting we can start with list of “Friendly” maintainers
that Wes is creating as part of
https://github.com/nodejs/package-maintenance/issues/105)
that we can reach out to get additional feedback.

* Process to identify and engage with "Key Packages" [#105](https://github.com/nodejs/package-maintenance/issues/105)
* Next step is for Wes to create 3 issues for the steps he proposed
that we follow.

* discourage use of unmaintained packages [#93](https://github.com/nodejs/package-maintenance/issues/93)
* Brief discussion. Joel is going to take action to PR in baseline practice for
this and we can continue discussion in that PR.

* Suggestion: Provide template/guides/automation for common maintainer needs [#17](https://github.com/nodejs/package-maintenance/issues/17)
* Tierney, set up the things that we want, for example
* testing on all Node.js LTS versions
* testing on different platforms
* Tierney - volunteered to provide some structure, PR in in that structure to
the repo so we can ask people to help fill in it.

* Joel, infosec is becoming more of an issue.
* npm install automatically runs scripts pre/post install which is triggering concern
* is the security WG thinking about this?
* Tierney went to npm suggestions and put in a suggestion around ignoring scripts
* https://npm.community/t/add-ignore-script-scripts/4169
* Michael, this is something the security WG is looking at right how.
* Matteo, don’t run npm install on production machines. Security WG might provide
guidance not to do that.
* Joel, agree but unfortunately some teams do their own thing.
* Lance may also be some complications in the container.
* Joel will open issue in Security WG repo to ask if group can develop some guidance
around production deployment.

## Q&A, Other

* No questions this week.

## Upcoming Meetings

* **Node.js Foundation Calendar**: https://nodejs.org/calendar

Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.