Closed isaacs closed 7 years ago
Ping @nodejs/security-wg
Sounds like someone in @nodejs/security should be the owner to me, though I'm not aware of how many owners a ggroup can have, or how Node manages credentials for sensitive assets.
I'd say @isaacs could transfer the ownership to any active CTC+security member for now so he doesn't have to be involved out of the conversation. Perhaps @jasnell @MylesBorins or @mhdawson?
I notice that the list is used (and I'm subscribed), but I'm not sure what the process is for its use.
I'm happy to be the owner and I'm part of both the CTC and @nodejs/security.
added @mhdawson. Use this power with great responsibility. You can add other owners by performing a depth-first search of the interface starting here: https://groups.google.com/forum/#!managemembers/nodejs-sec/groups
Thanks @isaacs, and thanks for caretaking the list for all these years.
You're welcome, but since this list is read-only, there's basically zero caretaking to be done. I'd forgotten I owned it until @mhdawson pinged me about it :)
@isaacs thanks for your help and I'll make sure to be careful in adding people.
Currently I'm the only owner on this group, and I'm not active with it at all. https://groups.google.com/forum/#!forum/nodejs-sec
It's a low-traffic list for posting node.js security disclosures. It is for distribution, not discussion, so there's really no moderation involvement. Just needs someone to be the official owner. Probably should be someone in @nodejs/security or CTC or something.