Skip to content

Commit 8bc5ad0

Browse files
sam-githubsam-github
committed
meta: modify Ecosystem Security WG charter
PR-URL: #759
1 parent 753437e commit 8bc5ad0

File tree

1 file changed

+6
-9
lines changed

1 file changed

+6
-9
lines changed

WORKING_GROUPS.md

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -424,22 +424,16 @@ Responsibilities include:
424424
backporting changes to these branches.
425425
* Define the policy for what gets backported to release streams.
426426

427-
### [Security](https://github.com/nodejs/security-wg)
427+
### [Ecosystem Security](https://github.com/nodejs/security-wg)
428428

429-
The Security Working Group manages all aspects and processes linked to Node.js security.
429+
The Ecosystem Security Working Group works to improve the security of the Node.js Ecosystem.
430430

431431
Responsibilities include:
432-
* Define and maintain security policies and procedures for:
433-
* the core Node.js project
434-
* other projects maintained by the Node.js Technical Steering Committee (TSC).
435432
* Work with the Node Security Platform to bring community vulnerability data into
436433
the foundation as a shared asset.
437434
* Ensure the vulnerability data is updated in an efficient and timely manner. For example, ensuring there
438435
are well-documented processes for reporting vulnerabilities in community
439436
modules.
440-
* Review and recommend processes for handling of security reports (but not the
441-
actual administration of security reports, which are reviewed by a group of people
442-
directly delegated to by the TSC).
443437
* Define and maintain policies and procedures for the coordination of security
444438
concerns within the external Node.js open source ecosystem.
445439
* Offer help to npm package maintainers to fix high-impact security bugs.
@@ -448,9 +442,12 @@ Responsibilities include:
448442
* other projects maintained by the Node.js Foundation technical group
449443
* the external Node.js open source ecosystem
450444
* Promote the improvement of security practices within the Node.js ecosystem.
451-
* Recommend security improvements for the core Node.js project.
452445
* Facilitate and promote the expansion of a healthy security service and product
453446
provider ecosystem.
454447

448+
This Working Group is _not_ responsible for managing or responding to
449+
security reports against Node.js itself. That responsibility remains with
450+
the [Node.js TSC][].
451+
455452
[Technical Steering Committee (TSC)]: ./TSC-Charter.md
456453
[Consensus Seeking]: http://en.wikipedia.org/wiki/Consensus-seeking_decision-making

0 commit comments

Comments
 (0)