►
From YouTube: 2021-08-12 Node.js Release Working Group Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
I
believe
they
they
fixed
three
three
vulnerabilities,
and
I
guess
it's
worth
mentioning
now,
and
there
is
a
potential
regression
in
there
around
building
against
shared
sierras,
but
we're
looking
at
that
and
hopefully
get
a
fix
out
if
we
can
in
the
next
releases.
A
Yeah
yeah,
I'm
just
checking
it
had
a
different
interface.
I
was
a
bit
confused,
so
it
looks
like
we're
scheduled
up
until
later
in
august,
but
I
guess,
while
we're
here
should
probably
add
a
release
that
we
did.
A
For
14.,
michael
you're,
you're
prepping,
the
next
miner,
aren't
you
are
we
still
hoping
for
august
for
that?
One.
A
A
A
A
And
next
on,
the
list
is
the
release
keys.
I
know
you
mentioned
it
richard.
I
don't
know
if
you
would
like
to
summarize.
B
Yeah
for
a
very
long
time,
as
long
as
I
can
remember,
we've
had
some
instructions
in
the
readme
and
the
core
repo
for
verifying
the
signatures
on
the
show,
some
so
that
we
upload
with
it
to
release
that
involves
pulling
down
a
copy
of
the
public
gpg
keys
that
we
use
to
sign
the
release
and
then
verifying
that
chasm's
file
against
the
public
key.
B
What's
the
word,
they've,
basically
sort
of
gone
away
or
not
been
updated,
so
it's
kind
of
left
everything
in
a
very
fragmented
state.
So
someone
very
recently
opened
a
pr
to
update
the
instructions
which
no
longer
work
because
the
ip
so
the
named
server
no
longer
resolves
to
an
ip
address.
So
someone
opened
the
pr
to
update
that
to
one
of
the
other
servers
in
the
sks
key
server
pool.
B
So
I
thought
I'd
add
it
to
the
agenda
today,
but
I'd
forgotten
at
that
time
that
I
added
it
that
there
was
an
earlier
pr,
that's
still
open
by
nick
to
change
the
instructions
to
use
the
open,
pgp
or
ubuntu
key
servers,
which
is,
I
think,
what
the
docker
repo
and
the
unofficial
build.
Repo
are
now
using
to
verify
releases.
B
I
know
we
have
a
long
term
plan
or
a
medium
term
plan
to
switch
the
keys,
git
repo,
which
we
were
setting
up,
and
I
don't
know
if
it
isn't
a
fit
state.
Yet
we
probably
need
to
double
check
again
yeah
but
yeah.
It's
basically
the
current
instructions
don't
work,
so
we
probably
need
to
update
them.
Yeah
yeah.
It's
just
updating
them
to
something
sensible.
I
kind
of
feel
that
it
probably
doesn't
make
sense
to
to
replace
it
with
another
sks
key
server
server.
A
B
And
especially
because
I
I
think,
there's
a
sort
of
thing
about
key
propagation,
where
I'd
like
to
avoid
us
having
to
upload
our
gpg
keys
to
I'd
like
to
minimize
the
number
of
places
we
have
to
upload
them
to.
So
I'm
not
saying
that
you
can't
upload
them
to
all
these
places,
but
if
every
releaser
has
to
upload
their
key
to
in
a
growing
number
of
different
places,
it's
going
to
become
very
difficult
to
keep
them
updated.
A
B
So,
that's
that's!
That's
the
open
pr
that
I
think
nick
has
opened.
Okay,
the
second
one
in
the
so
in
the
number.
B
That's
39227
in
the
court
in
the
node.
B
So
that
might
be
something
we
need
to
check
before
merging
it.
I
can't
remember
which
one,
but
I
did
at
one
point,
go
through
both
ubuntu
the
ubuntu
key
server
and
the
pgp
key
server,
and
I
think
we
were
all
on
them,
but
there
may
have
been
a
discrepancy,
and
I
can't
remember
what
the
discrepancy
was.
It
may
have
been
something
like
it
might
have
been.
Your
key
beth,
but
yeah,
probably.
B
That
I
don't
know
I
I
don't
know
whether
that's
just
because
of
the
sort
of
fallback
mechanism,
if
you
temporarily
can't
get
to
what
the
other
one,
at
least
with
the
sks
key
servers.
It
was
quite
quite
normal
to
get
a
sort
of
timeout
or
bad
response,
and
then
you
try
again
and
it
will
pull
you
to
a
different
server.
B
Yeah,
so
you
know
it's
kind
of
up
to
individuals
if
they're
comfortable
doing
that,
but
I
think
you
can
still
get
the
key,
so
the
key
can
be
uploaded.
It's
just
the
identification
of
the
email
address,
which
is
only
done
if
you've
opted
in.
I
think
it's
like
a
double
opt-in.
Isn't
it
something
like
you,
you,
opt-in?
It
sends
you
an
email,
and
then
you
confirm.
B
B
C
C
B
C
In
in
the
request,
number
39227.
B
Okay-
I
I
admit,
admittedly
I
I
I
don't
know
the
technical
I
I
know
a
bit
about
bgp,
but
only
what
I've
been
able
to
uncover
while
trying
to
sign
releases
so
yeah
it's
there
might
be
a
technical
reason.
I
don't
I
don't
know.
I
I
thought
the
the
github
repo
had
keys
in
ascii
arma
format,
which
should
be
importable
into
a
local
key
ring,
but.
C
A
A
Whatever
it's
called
the
open
one
and
make
sure
that
the
node
call
readme
instructions
also
uses
that
one.
If
docker
have
to
use
it,
we
may
we
might
as
well
not
tell
people
two
different
methods.
If
we
don't
have
to
okay.
A
A
A
Okay,
quick
meeting
then-
and
I
guess,
leave
it
there
I'll
add
the
minutes
and
make
sure
I
call
out
those
actions
and
we
can
regroup
in
a
couple
of
weeks.