From 91f440437a3ab5365aa8344a4a8f775560d38f84 Mon Sep 17 00:00:00 2001 From: Sebastian Beltran Date: Mon, 11 Nov 2024 21:44:21 -0500 Subject: [PATCH] docs: meeting minutes for 2024-11-11 --- meetings/2024-11-11.md | 85 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 meetings/2024-11-11.md diff --git a/meetings/2024-11-11.md b/meetings/2024-11-11.md new file mode 100644 index 0000000..2e69223 --- /dev/null +++ b/meetings/2024-11-11.md @@ -0,0 +1,85 @@ +# Express TC Meeting 2024-11-11 + +## Links + +* **Github Issue**: https://github.com/expressjs/discussions/issues/302 +* **Minutes Google Doc**: https://docs.google.com/document/d/17LNxh10Jg-7G_l3q-ZuVrWchwhNlqC2LgwX3e2oRwxI/edit?tab=t.0 + +## Present + +* Blake Embrey @blakeembrey +* Jean Burellier @sheplu +* Wes Todd @wesleytodd +* Chris de Almeida @ctcpip +* Filip Kudla @kjugi +* Jon Church @jonchurch +* Sebastian Beltran @bjohansebas +* Ulises Gascón @ulisesgascon + +## Announcements: + +* Some recent releases made and other releases will be done this week (Tomorrow/Wednesday) +* Currently Express releases for 4x and 5.x are blocked due a security patch (soon available) + +## Agenda: + +* [Create a codemod repository](https://github.com/expressjs/discussions/issues/274) +* AI Generated Logo +* Tidelift +* [STF (Sovereign Tech Fund)](https://github.com/expressjs/discussions/issues/244) +* Cloudflare Account +* Collaboration with APMs on diagnostic channels and performance monitoring + +### Create a codemod repository + +* If we want to migrate the repo to the org we need to ensure that it has all the files (license, readme, CoC, etc…) +* Sebastian and Filip agree to move the repo to the org once the files are included. +* TC Team will accept the migration and normalize the teams, etc… in the GitHub settings after the migration. + +### AI Generated Logo + +* We created a train logo, but we are thinking about dropping it and going back to the drawing board w/ a human artist. +* We are going to drop the train logo. + +### Tidelift + +* We may not be allowed to use tidelift under the OpenJSF, it’s a gray area rn apparently. +We’d need the foundation to weigh in, aren’t there other OpenJSF projects using tidelift? + +### STF (Sovereign Tech Fund) + +* We discussed earlier today having a PM role to help manage the overall contract w/ the STF. +Wes; Should we create an ADR PR to hash out decision making in the open for the STF? aka do we need a PM, who will fulfill the role, how will they be paid. + +* We didn’t make any decisions about who will work on what milestones. +* Our next steps here is to create more structure around the Grant, and decide the deliverables which rollup to the milestones. + +* Can we iterate on milestones before things are finalized? What would we do if so. + +* Specifically: “Milestone 2: Implement the @express Scope for All Modules in npm - Aimed at improving package recognition and security by republishing under a unified scope.” + + The body of the milestone is: + + “Currently, our packages are published in npm without a scope, making it difficult for + end users to identify the official packages maintained by Express. This lack of clarity + increases the risk of users accidentally installing malicious packages due to + typosquatting and other similar attacks. + + By deprecating the existing packages and republishing them under the @express + scope, we will provide better support for our users and significantly reduce the + attack surface for security vulnerabilities. This change will enhance the overall + security and trustworthiness of the Express ecosystem. The team will also provide + blog posts and documentation to update the community around these improvements + as appropriate, as well as any documentation required for future maintainers.” + +### Cloudflare Account + +* Linux Foundation infra team is providing infra support. +* Things we’ve talked to them about are: password manager, mailing list, our domain +* Who owns our cloudflare account? Right now the domain is under IBM’s cloudflare account, apparently. (Strongloop acquired express back in the day, then IBM acquired Strongloop) +* We want to get access so we can update our DNS records to enforce HTTPS on github pages. +* James Snell got us in contact w/ IBM folks, + +### Collaboration with APMs on diagnostic channels and performance monitoring + +* No time to discuss \ No newline at end of file