One Beyond Open Source Maintainers Meeting 2023-03-23
Links​
Present​
Use github alias
- Admins team: @onebeyond/admins
- Maintainers team: @onebeyond/maintainers
- Ulises Gascon: @ulisesgascon
- Íñigo MarquĂnez Prado: @inigomarquinez
- Carlos Serrano: @carpase
- Carlos Jiménez: @Betisman
- Matteo Di Paolantonio: @MatteoDiPaolo
Announcements​
- Scorecard Updated to new version (bump to beta3 - issue mentions, tags and fix link)
- Best project in OpenSSF Best Practices: Systemic-Knex. See
Review Scorecard results​
Agenda​
Repo template as baseline​
- See #1
- Almost everything is included using community health files, and we don’t have anything more to add right now to the template. So we’ll close the issue and we’ll open new ones if we want to include more things to the template.
Metafiles Definiton​
- See#15
- Already included CODE_OF_CONDUCT, Issue and pull request templates and SECURITY
- Still missing CONTRIBUTING, Discussion category forms (we don’t want this one right now), and SUPPORT. We’ll add them taking into account examples of well-know organizations.
Prototype Pollution in JSON5 via Parse Method​
- See #21
- Still in progress. We’ll remove it from the agenda and inform once it’s solved
Missing NPM Package publication permissions​
- See #28
- Still working on it
Repos with NPM version mismatch​
- See #29
- Still working on it
Checklist for existing and new repositories​
- See #42
- The draft tool we’re using is here.
- The code has been improved to use GitHub’s GraphQL.
- The output has been improved to render in JSON and CSV (next will be markdown).
- It has already been used to detect some improvements in different repos of the OneBeyond org, and they have been fixed (mainly main branch protection and license).
- The idea is to generate a GitHub action that can be run periodically to analyze the generated repost (similar to the scorecard).
Verifying or approving a domain for our organization​
- See #51
- Does this affect to our github pages? Check the documentation
- Ask IT to do the domain verification
BUG: Restore nuget CI publicacion for Monaco​
- See #56
- Temporal patch (using @inigomarquinez personal token) that we should remove once we have a microsoft account and nuget account with that email
FEATURE: Release drafter​
- See #58
- We have different alternatives to auto-create new releases with changelog. @carpasse and @inigomarquinez will do some demos to decide
Scheduled reminders​
- See #59
- We find it interesting so it should be something to investigate because it can be interesting to add it progressively
Two-factor authentication​
- See #60
- 99% of the users use 2FA. We have decided to do it mandatory. It will remove from the organization those users without 2FA (only 1 right now).
Q&A, Other​
- N/A
Upcoming Meetings​
- As it’s Easter in two weeks time, next meeting will be in one month (20th April 2023)