►
From YouTube: 2022-02-01-Package Maintenance Team meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
That
happened.
That's
right!
Okay,
welcome
to
everybody
for
the
node.js
package,
maintenance
team
meeting
for
february
1st,
which
we
were
just
talking
about
it's
a
new
month.
We
will
follow
the
agenda
that
was
tagged
in
the
repo
which
was
issue
number
508
here.
Let
me
paste
the
link
so
that
everybody
can
who's
here
in
attendance
can
put
themselves
into
the
attendees.
So
far,
it's
michael
myself,
dominique
and
owen,
and
we're
all
in
actually
you
you
we're
all
in
zoom
this
time.
A
So
I
don't
need
to
read
that
yet,
but
before
we
get
started,
does
any
anybody
have
any
announcements
they'd
like
to
share.
B
Yeah,
probably
that's
a
good
time
right.
I
tagged
a
v0.1
of
the
pkg.js
action.
It's
basically
self-updating
node
matrix,
which
automatically
adds
to
new
releases.
So
yeah,
please
use
it.
Please
give
feedback.
C
B
I
don't
know
I'm
not
good
at
these
things
right,
that's
why
it's
taking
so
long,
actually
yeah.
No,
I
I
I
started
opening
up
for
requests
or
rather
issues
and
then
pull
requests
on
various
node.js
or
repos.
I
also
opened
some
on
pkg.js
or
as
well,
though
there's
one
failing
I'll
fix
that
up.
So
that's
a
start.
B
It's
a
0.1,
so
I
would
understand
reluctance
but
yeah.
I
guess,
may
announce
it
on
the
on
the
on
the
openjs
and
node.js
slacks
for
folks,
so
yeah
good.
A
A
B
So,
regarding
the
blog
post,
I
was
thinking
that
maybe
we
could
tag
a
v1
and
then
do
the
blog
post.
Okay,
because
v0
you
know
according
to
somewhere
anything
goes
even
if
we
make
a
promise.
I
don't
want
to
introduce
too
much
churn
for
people,
so
yeah
jordan
kind
of
raised
concerns
that
maybe
it's
we
need
to
collect
more
feedback
before
we
tag
everyone
so.
A
Have
these
different
channels
and
the
node
the
node,
I
don't
know
what
it
is,
but
it
has
like
500
000
followers.
So
if
we
want
to
broad
hey,
try
it
out,
that
might
make
sense,
or
maybe
we
want
to
keep
it
as
a
smaller
try
it
out
before.
Then
that's
what
I'm
saying.
A
B
A
C
Yeah,
I
recognize
you
know
we
want
to
share
with
some
people,
just
not
everybody
but
who's-
that
first
small
sample
to
start
with.
You
know,
but
yeah
I
can
play
around
with
this
too
appreciate.
A
A
Okay,
the
next
one,
the
first
one,
the
first
one
issue
on
our
agenda-
is
2022
promotion.
Events
number
506..
Now
I
don't
think
we
have
the
team
members
who
are
going
to
focus
on
that.
So
I
don't
have
an
update
to
does
anybody
else.
C
Would
that
include
like
open
jscfp,
or
is
it
just
for,
I
guess,
what's
the
who's
who's,
the
subject
of
the
promotional
events
in
this
case?
Is
it
just
basically.
A
It's
it's
to
like,
let's
put
together
our
overall
plan
for
this
year,
and
you
know
it's
like:
let's
talk
about
an
article,
some
talks
we
might
submit
to
like
openjs
and
roundtable
now
I
guess
that
is
a
good
point,
though,
that
openjs
world
the
cfp
is
open
now.
So
if
we
do
want
to
submit
a
talk,
now
is
the
time
to
do
that
right.
C
A
C
A
Group
yeah,
what
what
the
guy
you
know
promoting
the
work
of
the
team,
but
I
was
going
to
say
we
should
we
can
wait
till
you
know.
Bostrick
and
glenn
are
here
next
time,
but
I
think
it
is.
We
do
need
somebody.
If
we're
gonna
do
a
submit
a
talk
for
openjs
world.
We
need
to
get
a
volunteer
who's.
Gonna
submit
that
do
they
have
lightning.
C
A
C
A
C
I
have
a
topic
of
my
own
for
open,
jsf,
so
yep
I
don't
mind
putting
together
like
abstracts,
but
I
don't
want
to
be
the
guy
that
shows
up
with,
like
five
conference,
talk,
proposals
and
kind
of
nudge.
My
way
out
of
you
know
the
main
one
I
wanted
the
main
one.
C
C
Plus,
maybe
if
there's
you
know,
I
don't
know
if
there's
ever
preference
for
like
maintainers
or
leads
within
that
group
not
to
play
favorites
but
anyway
I'll
put
a
comment
in
there
about
sharing
those
and
see
if
anybody's
interested,
because
even
if
someone
writes
the
abstract,
we
still
need
someone
to
give
it
yep.
Is
it
a
face.
A
C
A
That
I
I
haven't,
I
haven't
been
part
of
the
program
committee,
so
but
I
do
hear
you
know
what's
going
on
indirectly,
that's
yeah
that
that
specific
one
I
haven't
heard
either
way,
though,
is
there
a
collapse
of
it
happening,
definitely
planned
to
be
the
two
days
after
the
conference.
A
A
Yeah
I
mean
that
that
the
I
haven't
seen
the
organization
of
the
node
part
of
the
plot
summit
startup.
Yet,
but
in
terms
of
the
planning
for
opengs
world,
there's
rooms
reserved-
and
you
know
those
two
days
after
the
main
conference
are
planned
to
be
a
node.js
summit
and
yeah,
I'm
pretty
sure
the
normal
process
has
been
like
you
know,
we
people
submit
their
their
proposals
and
most
of
the
time
we
get
like
if
we
want
to
have
a
session,
I'm
pretty
sure
we
can
get
a
session
in
there
yeah.
I'm.
D
A
A
Now
I
think
the
main
conference
is
the
tuesday
wednesday
and
then,
like
thursday,
friday
is
planned
to
be
the
collaborator
summits,
and
then
monday
is
like
a
training
day.
People
want
to
go
for
training,
that's
just
going
to
be
held.
C
Closes
three
no
february
14th.
A
Yeah
that's
soon.
Yes,
it
was
it's
been
open
for
a
few
weeks.
I
think
it
opened
up
about
the
beginning
of
this
month
and
yeah.
It
is
pretty
soon.
So
that's
why
I
was
thinking
like
if
we,
if
we
wanted
to
have
like
an
overall
you
know,
session
on
the
work
of
this
team.
We'd
need
to
find
a
volunteer
pretty.
A
A
I
guess
maybe
it'll
come
down
to
like
oh
and
if
you
submit,
if
you
put
your
ideas
in
there
and
if
there
is
somebody
who's
like
you
know,
interested
in
leading
submitting
a
session
on
on
the
work
and
leading
that
that
might
determine
whether
we
do
it
or
not
for
opengs
world
versus.
A
I
think
we
absolutely
should
do
something
for
the
the
collaborative
part.
A
That
make
sense
to
everybody,
yep,
okay,
so
dars.
So
I
mean
sorry
so,
oh
and
you'll
post
some
stuff
in
there
have
some
more
discussion
and
I
posted
the
link
in
to
say
there.
Here's
the
cfp
info-
and
I
guess
we
should
note
note,
let's
see
if
we
close
this
feb
14.,
just
as
people
are
reading
that
they
know
there
is
a
deadline,
so
sounds
good.
A
A
The
next
one
on
the
agenda
is
503
update
requirements
for
landing
prs
that
one
I
think,
let's
see,
we've
got.
A
Quite
a
good
number,
I
think
we've
got
at
least
our
four
probably
more
members
who've
approved,
and
I
think
it's
been
25,
probably
to
tomorrow
twenties
two
weeks.
Four
weeks
we
wait,
so
I
think
that
one
may
be
ready
to
land.
I
don't
think,
there's
too
much
else
to
discuss
on
that
one.
I
think
it
used
to
be
two
weeks
right.
A
A
Okay,
the
next
issue
was
team
membership-
audit
number
497
so
that
one
I
think,
last
time
we
discussed,
we
were
waiting
for
the
we'd
given
30
days,
especially
given
the
current
time,
but
I
think
we
are
now
past
that
so
we
commented
on
the
30th.
A
I
think
at
this
point
we
should
be
comfortable
in
going
through
and
enact
actioning
the
you
know:
if
people
haven't
responded,
we'll
move
them
to
emeritus.
Is
everybody
comfortable
with
that.
A
A
I
think
we
had
john
john
church
had
attended
a
couple
meetings
and
shown
interest
in
kind
of
picking
that
up-
and
I
think
glenn
has
mentioned.
Maybe
that
he's
got
it
on
his
backlog,
but
we
haven't.
Haven't
you
know.
Even
john's
comment
is
back
in
july,
so
it's
it's.
I
wouldn't
say
we
have
an
active
person
with
lots
of
time
to
move
it
forward.
Yet.
A
A
A
A
A
I
think
the
the
next
one
suggested
list
of
modules
to
help
to
get
support
info.
I
don't
really
have
an
update,
although
there
was
a
twitter
conversation
this
week
where,
like
somebody
was
like
hey,
you
know,
wouldn't
it
be
great
if,
if
package
owners
had
a
better
way
of
telling
us,
you
know
what
they
supported
and
how
they
did
it,
and
I
pointed
them
to
this
they're
like
wow,
that
looks
great.
A
I'm
gonna
see
what
I
can
do
to
help
promote
that
there's
a
little
bit
of
a
discussion
of
the
chicken
and
egg
problem,
but
that
otherwise
don't
really
have
an
update
in
terms
of
like
you
know,
concrete
progress
or
or
things
that
I've
worked
on
or
no
other
people
have
worked
on
to
move
that
forward.
But
I
still
think
we
should
leave
it
on
the
agenda.
A
D
So
just
notice
there
open
pr
from
2019
that
we
still
have
open
against
the
repository
for
two-factor
auth
nci,
which
I
know
dawn
opened.
I
don't
know
how
long
ago
yeah
almost
three
years
ago.
Now
I
guess,
like
our,
I
guess
my
question
is:
does
this
stay
open
for
infinite
time
or
what's
the
well?
Let's
take
a
look
which
one
is
that
this
is
pr282.
D
I
can
link
and
chat
here
for
yeah.
A
D
B
B
There's
also
some
renewed
work
on
near
from
sidon
optic,
the
reference
implementation
for
the
kind
of
remote
push
notification
based
otp
stuff-
I
don't
know
where
the
guys
are
with
that.
Actually.
B
C
B
C
B
C
D
Yeah,
so
I've
actually
got
the.
This
is
very
topical
because
I
have
a
call
set
up
this
week
with
our
cso,
so
our
chief
security
officer,
my
camly
who's,
also
gotten
involved
with
ossf
recently
or
github,
has
made
an
investment
there
for
sure
which
kind
of
duplicates
on
some
efforts
that
I
know
we
were
trying
to
to
kick
off
in
open,
jsf
and
yeah.
I'm
still
pushing
on
this.
D
It
was
essentially
de-prioritized
in
the
last
year,
so
we
I
can
say
that
there
hasn't
been
any
work
done
to
create
a
staging
environment
for
package
publishes.
That's
come
up
again
recently,
though
internally,
so
I'm
pushing
on
that.
I
do
think
that
the
rfc
encapsulates
most
of
our
ideas
from
a
couple
years
back
in
terms
of
how
this
could
be
implemented
and
why
it's.
D
It's
actually
provides
a
ton
of
value
having
sort
of
a
two-step
process
where
you
could
have
ci,
do
a
staged,
publish
with
the
limitations
around
that
not
being
short-lived
so
that
it's
similar
to
what
we
have
in
github,
which
is
action
artifacts,
which
only
have
a
time
to
live
of,
like
I
think,
30
to
60
days,
and
this
would
be
something
similar.
D
So
if
your
ci
runs
wild,
it
doesn't
create
all
these
artifacts
that
we
have
to
maintain,
and
it
also
creates
this
kind
of
contract
social
contract
that
you
can't
rely
on
that
for
production
like
you're,
not
going
to
ever
start
to
reference
that
version
stage
versions
of
packages
in
production
right,
because
they're
eventually
going
to
go
away
so
yeah.
This
is
definitely
something
I'm
pushing
on.
D
So
what
I
get
the
reason
also
to
bring
up
this
up
is
just
to
hopefully
hold
me
accountable
that
we
get
this
feature
soon
at
some
point,
because
I
do
think
it's
important
to
have
kind
of
those
two
things
separated
out
like
a
staged
staging
environment
and
then
the
action
of
a
promotion.
Now
the
action
of
actually
promoting
to
to
the
registry,
then
you
know
we
could
build
ui
around
that,
but
I
don't
have.
I
don't
have
scope
or
insight
into
any
kind
of
ui
that
would
be
introduced.
D
For
that
I
know
there
was
talks
of
you
know
what
it
would
be
great
if
npm
or
github
had
like
a
release
manager
interface,
that
you
can
essentially
do
that
promotion
through
a
button.
Click
right-
or
you
know
that
type
of
thing.
But
I
I
don't
think
that's
on
our
radar
right
now,
like
just
first
step,
is
let's
get
that
new
key
in
the
pacument
and
provide
an
api
that
actually
lets.
D
You
not
provide
a
different
api
but
allow
the
publish
endpoint
to
essentially
take
a
parameter
for
staging
like
a
boolean
essentially,
and
then
we
can
build
into
the
cli
tools
ourselves
and
other
package
managers
can
build
into
tooling
the
ability
to
essentially
queue
into
that
into
that
version.
That
type
of
place
this
this
yeah
yeah
this
this
function.
C
Is
the
staging
environment
like
obviously
or
is
it
like?
It
sounds
like
it's
pre-registry.
D
So
is
it
no
it'd
be
in
the
registry,
so
it'd
be
information
that
the
documents
that
we
have
right
now
are
mutable
anyway.
So
like
like
the
information
that
you
get
when
you
go
registry.mpmjs.org
slash,
lodash
is
going
to
give
you
information.
That
is
mutable.
So
it's
like
you
know.
If
you
add
a
new
collaborator
maintainer
to
that
package,
it
gets
reflected
right
away,
so
the
key
that
would
be
introduced
there
would
be
something
called
like
staged
versions.
It
would
look
very
similar
to
the
current
versions
object
that
lives.
B
D
But
it
would
be
a
reference
to
the
versions
that
exist
and
that
were
staged,
essentially
with
potentially
some
extra
metadata
around
it.
The
the
real
value
add,
I
think,
from
our
end,
if
we
introduce
something
like
this
is
to
do
scanning
prior
to
publication,
so
you
can
imagine,
like
security
scanning
prior
to
publication
was
really
beneficial,
and,
and
so
you
could
wait
essentially
have
some
sort
of
ci
drop
that
waits
until
scanning
completes
and
you
get
that.
D
On
that
staged
version
to
give
you
some
semblance
of
like
okay,
at
least
that
there's
some
type
of
audit
has
happened
and
then
you
go
up.
This
is
also
really
important
for
testing,
because
what
we
see
with
a
lot
of
folks
that
have
like
monorepo
instances
is
that
they're
spinning
up
for
dachio
servers
to
mock
the
registry
to
stage.
B
D
Their
packages
and
then
do
essentially
this
negotiation
of
like
oh,
if,
like
I
publish
all
these
packages
that
are
interdependent
on
each
other
because
they
have
a
monorail,
then
what
happens?
So
if
we
provided
a
mechanism
for
them
actually
do
that
just
by
adding
some
network
requests
but
having
less
configuration
and
not
doing
all
this
spinning
up
all
this
work,
then
they
could
essentially
also
use
it
for
testing.
So
then
they
spin
up
they.
They
essentially
do
the
staging
to
the
registry
of
all
their
monorepos,
and
then
they
run
tests,
and
then
they
can.
B
Discussed
this
last
time
we
didn't
have
overwrites,
which
is
also
should
make
all
of
that
much
much
easier.
C
So
it's
like
the
staged
version
like
something
if
say,
if
you
incorporated
that,
and
you
have
this
like
staging
step,
would
I
still
be
able
to
like
npm
I
low
dash
at
like
staged
or
something
like
that
or
is
it
still
closed
off.
D
Nope,
so
the
I
think
in
the
rfc
that
was
linked
in
in
this
discussion
references
a
flag
called
like
with
staging,
so
that
would
be
provide
us
a
way,
a
flag
to
say,
opt
into
looking
at
the
manifest
that
adds
these
staged
versions
to
it.
Gotcha
fantastic.
C
Because
I
know
that
at
least
I
maybe
I
read
it
wrong,
but
github
actions
does
have
like
a
manual
option
right
where
you
can
like
build
and
then
actually
go
into
the
action
and
click
a
button
to
like
say,
promote
like
as
say
a
static
build
or
I
guess
in
this
case
publish
I
mean.
I
know
that
you
don't
want
to
tie
everything
npm
to
github,
but
you
know
happy
paths.
D
And
stuff
at
least
yeah,
we
were
looking
at
how
we
could
leverage
like
those
are
stepped
environment
environments.
I
think
yeah
state
steps,
environments.
I
think
we
called
for
a
step
deployments.
Actually
I
think
it's
what
they
call
it.
So
it
has
to
meet
some
condition,
and
you
can
optionally
say
yes,.
D
Promoting
that
yeah
like
you,
could
essentially
use
that
as
the
gate
yourself,
if
you
want
to,
but
it's
not
the
gate,
it's
not
available
to
you
anywhere
right.
The
artifact
isn't
available
to
you
right.
So
that's!
I
guess.
C
B
I
right
building
a
workflow
that
does
the
publish
stage
to
real
is
is
much
easier
than
building
a
workflow
with
just
direct
publish,
primarily
because
the
stage
unstage
and
publish
command
would
be
very,
very
fast.
I
would
assume,
because
it
really
doesn't
have
to
do
much,
which
means
that
you're,
you
can
take
the
otp
as
an
input
to
your
action
to
your
manual,
which
is
not
something
that
you
may
have
easily
achievable.
B
D
D
B
There
are
some
foreign
policies
yeah.
There
are
some
similar
pocs
in
that
kind
of
area.
I
don't
know
if
I
have
updated
all
the
links
in
the
in
the
dock
itself,
but
I
know
there's
folks
who
use
slack
for
that
entering
the
otp
bit
and,
like
I
said,
neoform
has
built
optic,
although
I'm
not
sure
whether
it's
deployed
on
right
now
but
yeah
there's
been
some
renewed
work
on
that
area.
B
D
So
like,
if
we
introduce
the
staging
for
staged
versions
or
a
stage
publish
what
would
be
key
here,
is
that
the
token
potentially
that
would
be
allowed
to
stage
a
version
may
not
be
the
same
like
may
not
have
permissions
to
also
promote
the
version
right
right.
So
that's
that's
where
I
think
dom
is
speaking
to
that.
That
separation
concerns
where
you
know
you
still
want
to
put
something
up
there
test
it.
B
D
C
A
So
back
to
darcy's
original
question:
what
do
we
want
to
do
with
this
document
in
terms
of
next
steps?
Does
it
need
some
more
like
I
don't
know
dominique
if
you
want
to
do
a
pass
through
it's
in
the
drafts
directory,
so
I
don't
think
it
has
to
be
perfect,
so
you
know
I'd
be
if
you
said,
I
think
this
is
good
and
useful.
I'd
be
happy
to
approve
it
but
sort
of
what
do
you
think
we
should
do
there?
B
D
A
A
B
Yeah,
let
me
so
I
think
one
thing
that's
missing
from
the
dock
itself
is
that
it
doesn't
link
to
the
rfc.
I
think
so.
It
definitely
needs
that
added
and
with
the
whole
staging
idea
right,
because
all
the
other
ideas,
the
other
implementation
options,
the
staging
area.
Maybe
we
could
include
some
text
around
that,
but
we
can
do
that
post-merge,
so
yeah.
C
So
it's
like
you
know
we
can
go
from
fully
manual
to
you
know
stage
to
double
tokens
or
whatever
it
could.
You
know
landing
it
then,
to
your
point
I
think
just
means
as
long
as
we
keep
track
of
the
related
bits,
then,
hopefully,
when
those
land,
you
can
go
back
like
great
now
you
can
just
do
this.
Instead,
you
know
because
this
landed
whatever
and
just
cut
out
a
section
or
added.
You
know
alternate
flow,
but
maybe
at
least
just
getting
this
on
our
agenda.
C
Our
board
will
just
at
least
keep
it
in
eyes
and
minds.
Yeah,
maybe
just
worth
a
comment
saying
like
there's
a
couple
recent
developments
that
might
be
worth
reviewing
to
see
if
they
fit
into
this.
Otherwise
we
just
land
and
maybe
make
another
issue.
That's
just
like
track
these
developments
as
they
progress
and
when
they
do
go
back
and
update
the
stock.
You
know
to
trade,
a
pr
for
an
issue
or
something
like
that.
D
Put
out
for
2fa
enrollment,
so
this
like
very
quickly,
publishers
are
going
to
need
to
either
start
using
automation.
Tokens
explicitly,
I
think
so
that
that's
happening
this
year,
and
so
that's
why
this
is
going
to
be
something
that
we're
we're
definitely
going
to
want
to,
like,
I
don't
know,
improve.
That's
all
experience.
A
A
D
Wonder
who
generates?
I
wish
I
had
a
new
yeah.
I
remember
that
well
to
find
who
generated
that
and
slap
their
hands
yeah.
I
don't
know
I
don't
know
if
we
can
get
one
of
those
generated
again.
I
think
I
actually
did
probe
internally
a
month
or
two
back
to
try
to
get
a
new
one
generated
for,
for
I
know
folks,
on
this
call
and
just
in
general
to
have
that
information
available
I'll
I'll
circle.
Back
on
that,
I
can
promise
okay.
C
A
B
D
A
So
that'll
give
that
gave
me
time
to
think
of
another
one.
Another
thing
I
just
wanted
to
mention
there
we're
again
as
as
in
historical
work
but
like
when
we
created
the
pkgs
org.
We
didn't,
I
didn't
quite
close
on
all
the
governance
changes,
so
I'm
I'm
doing
that
now
and
and
so
one
thing
the
moderation
team
was
kind
of
like
we
need
to
know
a
little
bit
more
about
pkgs
and
what's
going
on
there,
who
are
the
people
you
know
so
that
in
terms
of
moderation,
they
have
the
context.
A
So
they
ask
is
that
I
create
a
meeting.
So
I've
done
that,
in
terms
of
like
I
created
a
doodle,
it's
in
that
issue.
If
people
can
fill
in
the
doodle
so
that
we
can
pick
a
time
and
get
together
with
them
and
basically
give
them
that
context
of
like
hey
here's,
here's
what
the
pkgs
org
is!
Here's
what's
going
on,
you
know
they
had
questions
like.
Are
there
any
things
of
particular
areas
of
concern
that
we
should
be
looking
out
for
or
anything
like
that?
A
A
D
A
E
A
The
pr
was
to
basically
update
the
moderation
documentation
to
say
it
covers
both
orgs
and
then
you
know
it
was
a.
We
created
the
orgs,
we
started
using
it,
it
was
approved,
but
we
didn't
actually
like
update
all
the
the
right
places.
So
now,
they're
like
oh
wait,
a
sec,
we
didn't
know
this
was
happening
right
and
then
you
know
asking
some
good
questions,
and
so
it's
you
know.
I
think
it's
the
easiest
way.
A
A
If
not
thanks
for
everybody's
time
and
those
who
may
be
watching
on
the
youtube
and
we'll
see
everybody
in
github
in
next
time,
thanks
bye.