doc: add meeting minutes 2023-08-17 (#1081)

* doc: add meeting minutes 2023-08-17 * Update meetings/2023-08-17.md Co-authored-by: Ulises Gascón <ulisesgascongonzalez@gmail.com> --------- Co-authored-by: Ulises Gascón <ulisesgascongonzalez@gmail.com>
nodejs · Aug 18, 2023 · e0a2cb6 · e0a2cb6
1 parent 94f017f
commit e0a2cb6
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/meetings/2023-08-17.md b/meetings/2023-08-17.md
@@ -0,0 +1,56 @@
+# Node.js  Security team Meeting 2023-08-17
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=7MGcnoZW_cE&ab_channel=node.js
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1072
+
+## Present
+
+* Michael Dawson (@mhdawson)
+* Rafael Gonzaga (@RafaelGSS)
+* Ulises Gascon (@ulisesGascon)
+* Marco Ippolito (@marco-ippolito)
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  - closed all of the OpenSSL vulns as they were fixed in the last security release
+  - some discussion of how to get the llhttp reports fixed as problem in how levels affected were were reported as it does not apply to 16 or 18
+
+- [x] OpenSSF Scorecard Monitor Review
+  - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
+  - Ulises will check with @ovflowd if a refactor can be done in one of the workflows for nodejs/nodejs.org 
+
+### nodejs/security-wg
+
+* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
+  * Marco is looking to it
+
+* Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953)
+  * Silver level is going to be merged, and then Ulises will coordinate the update in the website
+  * Gold level seems more related to organizational matters, we start to work offline on it to update the PR.
+
+* Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898)
+  * Breaking change coming: https://github.com/nodejs/node/pull/49047
+  * Discussion around config file support https://github.com/nodejs/security-wg/issues/1074
+  * path.resolve implementation in stand-by
+
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+  * No updates. Waiting OpenJS response.
+
+* Assessment against best practices (OpenSSF Scorecards ...) [#859](https://github.com/nodejs/security-wg/issues/859)
+  * Ulises will open PRs to increase the scoring in key projects within the org 
+
+## Q&A, Other
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+