Skip to content

Instantly share code, notes, and snippets.

@jonchurch

jonchurch/2024-03-04-Express-TC-Meeting-Minutes.md Secret

Last active March 4, 2024 22:38
Show Gist options
  • Save jonchurch/35d4a2083d2aa6654e52916f0eb99842 to your computer and use it in GitHub Desktop.
Save jonchurch/35d4a2083d2aa6654e52916f0eb99842 to your computer and use it in GitHub Desktop.
Download ZIP
2024-03-04 Express TC Meeting Minutes
Raw
2024-03-04-Express-TC-Meeting-Minutes.md

2024-03-04 Express TC Meeting Minutes

attendance: Wes Todd, Blake Embrey, Rand Mckinney, Jean Burellier, Ulises Gascon, Jon Church

Agenda:

Github Issue (Agenda)

Agenda items are currently pulled from issues tagged top-priority in the Discussions repo

Announcements

  • 4.18.3 released less than a week ago, has over 2 Million downloads so far.

Recurring Meeting cadence

expressjs/discussions#195

  • There was has been discussion about the cadence being changed, and the attendance policy.
  • Jonchurch brought up whether or not the existing TC is okay with the cadence and expectations, as it is a change from the less often meetings before.

Discussion:

  • Is the expectation that the full TC attends every meeting?
  • Rand agrees that its fair to have an inactivity policy, so long as it is not draconian.
  • We don't need to lock on an inactivity policy right now, as we don't really intend to kick people out in the near term for being inactive while we are still figuring out cadence

Express LTS Strategy

expressjs/discussions#196

  • Jean says releasing Express v5 should be a prio
    • What Node version do we want to support?
      • Today v5 is Node v4 minimum supported
      • Here is the Migration guide currently on the website for express 5 https://expressjs.com/en/guide/migrating-5.html
      • There is an Express LTS issue with discussion about an LTS strategy expressjs/discussions#196
      • Wes sees v5 as a stepping stone, and suggests that we write an LTS policy doc, include that v5 is a unique case.
      • jean suggests using v14 as the lowest support level for v5
      • Ulisses, how long do we want to support v4?
        • He would like to see it supported for years to come
        • Wes says he'd like to see "no less than a year, ideally 2 years", talking about security patches.
        • Jean says, 1 year of maintenance, 2 years of security updates
        • Ulises says maybe consider sponsorship from companies who require longer support for security

Decision:

  • Support Node 14 for Express 5
  • Jean will open a PR with the LTS strategy discussed

Github Project

Wes created a Github Project to try out using it as a means to track work happening.

Security Update

  • OpenJS Foundation has offered a Security Audit, the kickoff meeting happened already
  • There are a lot of questions about what working with them entails, and they are flexible to work how the team wants to
  • Wes suggests handing it off to the Security Working Group
  • Security WG was created in expressjs/discussions#165
  • There will be a public part, streamed meetings. And a private component for WG members, so reports can be triaged in private before a fix is released.

Decision:

  • Hand off the Audit to the Security WG.

Misc

Rand before he had to leave brought up that there is a lot of Documentation work which needs to be done. We're hoping to leverage the community to swarm on docs, once we know what needs to happen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment