From YouTube: Node.js Security Working Group Meeting 12-3-18
A
A
A
B
Yeah question about that's right there, so that happened. They like game is his first term. This first comment was I don't think all were validated or respondent, so I'm unwilling to share publicly. How does he feel about us running a tool on the spreadsheet generating a bunch of JSON and adding it to our database? That would essentially be sharing it publicly. I mean some of these might be effectively zero days.
B
A
A
B
A
Yeah we have the same issue in the company in the Bay Area we, which reported as a lot of other issue that are all the same, but in diverse balloon and since it has been automated it's the world, we have to ensure the exploitability of each of them before raising your report. Otherwise we are just making noise for not much right.
A
B
What I one of the issues affects me is that if we, if we import, if there's some like sing song and DM package, and we import and say it's vulnerable to a reg xyx at ACK, unless there's some sort of human interactions, we won't know if it ever gets fixed like who's the person whose module it is might just not exit, in which case we would say that they're all vulnerable or we would have to let go back periodically in check and I wonder, I don't know if NPM is odd.
B
It is pulling from this repo I guess. One of the plus sides is if we, if we do just bulk mark modules as vulnerable in in this, in this security working group or vulnerability database, and if I get did it make its way into NPM and people who are using the module started seeing nasty warnings and it during npm install. That might be enough social pressure to like they might even just come back and say: hey, listen, that's not a vulnerability.
A
A
So we had an issue a cappella a couple months ago of someone who complained about a report that was not actually a real vulnerability and we complained that it impacted their development process because right we reported of emeriti that could not be fixed because it was not one. So the person complained publicly on the working group.
B
A
A
You could go through the data set and given are we sorry, a recommendation based on the content of the data? How many modules are RBT, Domini are still maintained and water protection, your chairman, will take and rerun and frozen Scouts risk of that connection. No problem, dear Anna, we get six. Okay, let's move to next item, then.
A
A
A
B
A
I'm not sure I think that's all of them: okay, old ones, too. Everything says Iran Iran for moving to the new week. Oh we said we wanted to have the two-week old life at the same time, meaning that there would be one period of 60 days where the old and the new epoch are synced. If we want to change I.
B
Me too, I don't have a lot of stake in this game. Maybe, but is it? Is it a good idea that aren't IDs supposed to be stable and eternal? Should we really be changing them but help hold any anybody who's currently imported? Our database is suddenly gonna have a deduplication car look they're gonna have all of these new reports with different IDs and then some they might not thank us for that or perhaps I misunderstand other reason. You.
B
A
B
A
Sorry renters and maybe a breaking change, because there is no new marriage and we will make it to strangers. Larhonda try I suggested. We use two different fields. We keep the old, we tip the old, we keep the old ID named ID, and maybe we name it vulnerability, ID walking, group, ID, I don't know and that that field would be a strain right.
B
So personally, given that nobody nobody's objected to the new report ID, and it is a string and I think it would have been unwise of anybody to assume that the ID was some sort of monotonically increasing number or something I don't have a problem with just thought of changing the ID format for new IDs and anybody who, for some reason was was using number in their databases or whatever we'll have to convert them to strings all right. That doesn't strike me as terrible yeah.
A
To be honest, as someone who use the the content of the database I just use the idea strings of a specific reason that otherwise I don't really mind what they contain as long as hey I agree, so Iran says so some I purse. This concern under issue long time. Before making this change. We we did it. Okay, sorry I misread that so Sam I pass this concern under issue and please chiming to see if that works for you or not, because we did give a long time before making this change.