One Beyond Open Source Maintainers Meeting 2023-04-20

Present

Use github alias

We are in the Scorecard StepSecurity Dashboard Beta.
- Dashboard for Guidesmiths Org
- Dashboard for OneBeyond Org
Socket.dev has been added to the maintainers repo and others. Report example
Published the last release for onebeyond/systemic-knex with the new provenance system in NPM. See

See #65
We will try this approach with cuckoojs and shieldjs
We will decide in the future if this approach can be adopted by other projects in the organization once the example roadmaps can be evaluated
We will need to document this process

See #59
Removed from agenda but keep it in the radar so we can add it at least for most used repositories

See #58
We will be using release-please
@Carpase will use the project systemic-knex or license-checker to show how release-please can be integrate in a simple project

See #41
A lot of things can be done automatically, but first we need to prioritize projects and then start fixing problems reported by the scorecard.
@UlisesGascon is leading the initiative
@UlisesGascon will upgrade the reporting tool soon with a new visualizer that solve some of the current problems
Once the categorization is clear we can start working on adding an automation to maintain and submit the OpenSSF Best Practices Badge Program

We will create an issue to define tiers for all the projects that we maintain. Then we will start deprecating and archiving old projects. @UlisesGascon will lead the initiative, see
We will create a Newsletter to make an easier way to follow the changes (releases, news, changes...) from our projects. This will be more like an auto-reporting than a conventional newsletter. @UlisesGascon will lead the initiative and create a specific repository for this.
@UlisesGascon will migrate the Cybersecurity Handbook to the One Beyond Org and refresh the content
We will need to add the Maintainers/codeowners into the Readme and codeowners in each project. @UlisesGascon will create an issue for this