|
| 1 | +# Node.js Foundation Package Maintenance Team Meeting 2019-01-28 |
| 2 | + |
| 3 | +## Links |
| 4 | + |
| 5 | +* **Recording**: https://www.youtube.com/watch?v=CGFDY3NLcMA |
| 6 | +* **GitHub Issue**: https://github.com/nodejs/package-maintenance/issues/137 |
| 7 | + |
| 8 | +## Present |
| 9 | + |
| 10 | +* Michael Dawson (@mhdawson) |
| 11 | +* Tierney Cyren (@bnb) |
| 12 | +* Lance Ball (@lance) |
| 13 | +* Gentian Elmazi(@gentios) |
| 14 | +* Joel Chen (@jchip) |
| 15 | +* Matteo Collina (@mcollina) |
| 16 | +* Keith Holliday (@thehollidayinn) |
| 17 | + |
| 18 | +## Agenda |
| 19 | + |
| 20 | +## Announcements |
| 21 | + |
| 22 | +*Extracted from **package-maintenance-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting. |
| 23 | + |
| 24 | +### nodejs/package-maintenance |
| 25 | + |
| 26 | +* Engaging Enterprise teams to better understand challenges at scale [#138](https://github.com/nodejs/package-maintenance/issues/138) |
| 27 | + * Tierney, Ahmad was working on tool over the weekend. |
| 28 | + * Michael , this should our 4th area of focus as we jump in. |
| 29 | + * Lance -> Red Hat this is important to us as well so will get involved in this effort |
| 30 | + * Michael since those who opened issue/are interested in participating are |
| 31 | + not in today’s meeting let’s skip for this time and collaborate through github |
| 32 | + and leave on agenda for next time. |
| 33 | + |
| 34 | +* Discussion: Baseline practices - brainstorm initial list [#119](https://github.com/nodejs/package-maintenance/issues/119) |
| 35 | + * Next step is a summary/structure of the practices we want to put |
| 36 | + in place to be captured. |
| 37 | + * Michael gave overview of baseline practice for capturing support |
| 38 | + Information in package.json. |
| 39 | + * From discussion sounds like the naming is a bit confusing |
| 40 | + * Matteo expressed that it would be better if it was a strict ordered list, |
| 41 | + Michael is not sure if that will work as it may be more like licences |
| 42 | + where there are “different” but not necessarily better or worse |
| 43 | + levels. |
| 44 | + * We need to continue to refine through comments/updates to the |
| 45 | + PR. |
| 46 | + |
| 47 | +* Which Problems Node.js OSS maintainers/authors face today? [#113](https://github.com/nodejs/package-maintenance/issues/113) |
| 48 | + * Matteo took action to generate a summary from the discussion |
| 49 | + so far and to create a list of package maintainers (as discussed |
| 50 | + in last meeting we can start with list of “Friendly” maintainers |
| 51 | + that Wes is creating as part of |
| 52 | + https://github.com/nodejs/package-maintenance/issues/105) |
| 53 | + that we can reach out to get additional feedback. |
| 54 | + |
| 55 | +* Process to identify and engage with "Key Packages" [#105](https://github.com/nodejs/package-maintenance/issues/105) |
| 56 | + * Next step is for Wes to create 3 issues for the steps he proposed |
| 57 | + that we follow. |
| 58 | + |
| 59 | +* discourage use of unmaintained packages [#93](https://github.com/nodejs/package-maintenance/issues/93) |
| 60 | +* Brief discussion. Joel is going to take action to PR in baseline practice for |
| 61 | + this and we can continue discussion in that PR. |
| 62 | + |
| 63 | +* Suggestion: Provide template/guides/automation for common maintainer needs [#17](https://github.com/nodejs/package-maintenance/issues/17) |
| 64 | + * Tierney, set up the things that we want, for example |
| 65 | + * testing on all Node.js LTS versions |
| 66 | + * testing on different platforms |
| 67 | + * Tierney - volunteered to provide some structure, PR in in that structure to |
| 68 | + the repo so we can ask people to help fill in it. |
| 69 | + |
| 70 | +* Joel, infosec is becoming more of an issue. |
| 71 | + * npm install automatically runs scripts pre/post install which is triggering concern |
| 72 | + * is the security WG thinking about this? |
| 73 | + * Tierney went to npm suggestions and put in a suggestion around ignoring scripts |
| 74 | + * https://npm.community/t/add-ignore-script-scripts/4169 |
| 75 | + * Michael, this is something the security WG is looking at right how. |
| 76 | + * Matteo, don’t run npm install on production machines. Security WG might provide |
| 77 | + guidance not to do that. |
| 78 | + * Joel, agree but unfortunately some teams do their own thing. |
| 79 | + * Lance may also be some complications in the container. |
| 80 | + * Joel will open issue in Security WG repo to ask if group can develop some guidance |
| 81 | + around production deployment. |
| 82 | + |
| 83 | +## Q&A, Other |
| 84 | + |
| 85 | +* No questions this week. |
| 86 | + |
| 87 | +## Upcoming Meetings |
| 88 | + |
| 89 | +* **Node.js Foundation Calendar**: https://nodejs.org/calendar |
| 90 | + |
| 91 | +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. |
| 92 | + |
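Review bot: the sub-bullet at lines 60-61 ("Brief discussion. Joel is going to take action to PR in baseline practice...") is not indented under the #93 item at line 59, so it renders as a separate top-level entry instead of a note on that issue. Indent it two spaces like the other sub-bullets. Line 22 opens emphasis with `*Extracted` and never closes it, and line 18 leaves `## Agenda` empty directly above `## Announcements`. Wording slips worth fixing before merge: line 28 is missing a verb ("this should our 4th area"), line 67 repeats "in in", and line 75 has "right how" for "right now". The infosec item at line 70 is the only agenda entry without an issue reference. Since the action at lines 80-81 is for Joel to open an issue in the Security WG repo, add that link once it exists so the discussion of npm install running pre/post install scripts can be followed from these minutes.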