docs: meeting minutes for 2024-11-11

meetings/2024-11-11.md

@@ -0,0 +1,85 @@
+# Express TC Meeting 2024-11-11
+
+## Links
+
+* **Github Issue**: https://github.com/expressjs/discussions/issues/302
+* **Minutes Google Doc**: https://docs.google.com/document/d/17LNxh10Jg-7G_l3q-ZuVrWchwhNlqC2LgwX3e2oRwxI/edit?tab=t.0
+
+## Present
+
+* Blake Embrey @blakeembrey 
+* Jean Burellier @sheplu
+* Wes Todd @wesleytodd
+* Chris de Almeida @ctcpip
+* Filip Kudla @kjugi
+* Jon Church @jonchurch 
+* Sebastian Beltran @bjohansebas
+* Ulises Gascón @ulisesgascon
+
+## Announcements:
+
+* Some recent releases made and other releases will be done this week (Tomorrow/Wednesday)
+* Currently Express releases for 4x and 5.x are blocked due a security patch (soon available)
+
+## Agenda:
+
+* [Create a codemod repository](https://github.com/expressjs/discussions/issues/274)
+* AI Generated Logo
+* Tidelift
+* [STF (Sovereign Tech Fund)](https://github.com/expressjs/discussions/issues/244)
+* Cloudflare Account
+* Collaboration with APMs on diagnostic channels and performance monitoring
+
+### Create a codemod repository
+
+* If we want to migrate the repo to the org we need to ensure that it has all the files (license, readme, CoC, etc…)
+* Sebastian and Filip agree to move the repo to the org once the files are included.
+* TC Team will accept the migration and normalize the teams, etc… in the GitHub settings after the migration.
+
+### AI Generated Logo
+
+* We created a train logo, but we are thinking about dropping it and going back to the drawing board w/ a human artist.
+* We are going to drop the train logo.
+
+### Tidelift
+
+* We may not be allowed to use tidelift under the OpenJSF, it’s a gray area rn apparently. 
+We’d need the foundation to weigh in, aren’t there other OpenJSF projects using tidelift?
+
+### STF (Sovereign Tech Fund)
+
+* We discussed earlier today having a PM role to help manage the overall contract w/ the STF.
+Wes; Should we create an ADR PR to hash out decision making in the open for the STF? aka do we need a PM, who will fulfill the role, how will they be paid.
+
+* We didn’t make any decisions about who will work on what milestones. 
+* Our next steps here is to create more structure around the Grant, and decide the deliverables which rollup to the milestones. 
+
+* Can we iterate on milestones before things are finalized? What would we do if so.
+
+* Specifically: “Milestone 2: Implement the @express Scope for All Modules in npm - Aimed at improving package recognition and security by republishing under a unified scope.”
+
+    The body of the milestone is:
+
+    “Currently, our packages are published in npm without a scope, making it difficult for
+    end users to identify the official packages maintained by Express. This lack of clarity
+    increases the risk of users accidentally installing malicious packages due to
+    typosquatting and other similar attacks.
+
+    By deprecating the existing packages and republishing them under the @express
+    scope, we will provide better support for our users and significantly reduce the
+    attack surface for security vulnerabilities. This change will enhance the overall
+    security and trustworthiness of the Express ecosystem. The team will also provide
+    blog posts and documentation to update the community around these improvements
+    as appropriate, as well as any documentation required for future maintainers.”
+
+### Cloudflare Account
+
+* Linux Foundation infra team is providing infra support.
+* Things we’ve talked to them about are: password manager, mailing list, our domain
+* Who owns our cloudflare account? Right now the domain is under IBM’s cloudflare account, apparently. (Strongloop acquired express back in the day, then IBM acquired Strongloop)
+* We want to get access so we can update our DNS records to enforce HTTPS on github pages.
+* James Snell got us in contact w/ IBM folks, 
+
+### Collaboration with APMs on diagnostic channels and performance monitoring
+
+* No time to discuss