Open Source Maintainers Meeting 2023-02-09
Links
Present
Use github alias
- Admins team: @onebeyond/admins
- Maintainers team: @onebeyond/maintainers
- Ulises Gascon: @ulisesGascon
- Íñigo Marquínez Prado: @inigomarquinez
Announcements
- We are streaming on Youtube!
- Changed repo name from admin to maintainers
- Rollback to the previous logo
Agenda
Repo template as baseline
- See #1
- New metafile had been added
SECURITY.md
Prototype Pollution in JSON5 via Parse Method
- See #21
- No progress on this.
- Not very urgent as it's low risk
Create a secrets management repository
- See #30
- Created a private repo by Ulises in the other organization
Repos with NPM version mismatch
- See #29
- Serrano solved one 🎉
- Ulises and Íñigo working on some others
- Potential deprecation of some packages (7 years without maintenance)
Missing NPM Package publication permissions
- See #28
- Pending to contact current owners of some npm packages to be able to deprecate them (anyway we can publish new releases in onebeyond org)
Unify licenses in Repositories
- See #27
- PRs are still pending
OpenSSF Scorecard implementation
- See #41
- Not a fantastic score right now.
- Detailed issue explaining the topic with actionable items (lead by Ulises)
- We made some testing with systemic-knex scoring, there is an issue to sign the projects (https://github.com/ossf/scorecard/issues/2639)
- This checks will cover many topics as Code reviews, enforcing rules, etc...
Initiatives for 2023
- See #20
- Start the discussion asynchorniuasly
Q&A, Other
- Ulises will love to have a separate discussion for Systemic Ecosystem
- table with compatibilities (systemic version - nodejs version - wrapped tool version)
- Carlos will love to propose the creations of an engineering guidelines for open source projects
- CONTRIBUTING.md + separate document + include in baseline repo
- Betis started a discussion about open sourcing internal products like mood tool, gratitude, project review tool... (Ulises will check internally)
Upcoming Meetings
- In two weeks!