Skip to content

Name this Working Group #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rvagg opened this issue Nov 30, 2016 · 7 comments
Closed

Name this Working Group #4

rvagg opened this issue Nov 30, 2016 · 7 comments

Comments

@rvagg
Copy link
Member

rvagg commented Nov 30, 2016

As raised by @Trott in #2 (comment), "Node.js Security Working Group" might not be the best name as it may lure people to think that they should report issues via the issue tracker here.

So, one of the first jobs of the group forming here is to decide on the name, both the full name and the repository name.
@joshgav
Copy link
Contributor

joshgav commented Jan 20, 2017

Thinking and thinking, Security seems the most concise and descriptive title for what this WG proposes to do. Other suggestions that come to mind include:

  • Trust - because the goal of better security policy is to promote trust. But it doesn't tell much about what this WG proposes to do.
  • Security Policy - because this group is about managing security rather than security itself. But that's not really true, it's also an advisory group for security itself.
  • Vulnerability - because a prime job will be managing policy and process for vulnerabilities. But that's a negative name and also only part of the proposed scope.

So I think we should call this group Security as proposed, and rename the private group as Disclosures or Vulnerabilities.

@rvagg @Trott

it may lure people to think that they should report issues via the issue tracker here

We could have a big (blinking!) banner on the README and in the issue and PR templates redirecting people to the Disclosures email for actual vulnerability reports. Seems that would be sufficient diligence.

@gibfahn
Copy link
Member

gibfahn commented Jan 20, 2017
edited
Loading

+1 to Security WG for this group and Vulnerabilities for the private one.

The private group is only used for reporting vulnerabilities right? So that name really makes more sense. (IMHO).

@williamkapke
Copy link

At NINA, there was positive opinion towards the existing one being called the Security Response Team (it isn't a Working Group)

My opinion is that the new group should be called the Node Security Committee which oversees the Node Security Project... along with the other proposed security activities.

@sam-github
Copy link
Contributor

sam-github commented Feb 16, 2017
edited
Loading

I like the names proposed in #4 (comment), with the caveat that we most emphatically do not oversee the Node Security Project, that is an existing project, not ours, we shouldn't steal its name, and the name wasn't given to use. The group will oversee a Node Foundation Vulnerabilty Database (EDIT: actual name is still TBD) (seeded with a donation from nsp).

@sam-github
Copy link
Contributor

Any other thoughts, @nodejs/security-wg ?

@drifkin
Copy link
Contributor

drifkin commented Jul 28, 2017

👍 to Security Response Team and Node Security Committee. I think it makes things more clear.

@sam-github
Copy link
Contributor

I don't think there is any appetite to rename this from "Security WG", though perhaps if the security response team at-nodejs/security gets reorganized the issue will come up again.

Shall we close for now if there isn't something actionable?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@sam-github @drifkin @rvagg @williamkapke @joshgav @gibfahn