docs: minutes for 2025-08-06 (#1779)

mcollina · ruyadorno · joyeecheung · web-flow · commit 8ecbc65568a1 · 2025-08-25T01:12:44.000-07:00
* docs: minutes for 2025-08-06

* Update meetings/2025-08-06.md

Co-authored-by: Ruy Adorno &lt;ruy@vlt.sh&gt;

* Update 2025-08-06.md

Co-authored-by: Joyee Cheung &lt;joyeec9h3@gmail.com&gt;

---------

Co-authored-by: Ruy Adorno &lt;ruy@vlt.sh&gt;
Co-authored-by: Joyee Cheung &lt;joyeec9h3@gmail.com&gt;
diff --git a/meetings/2025-08-06.md b/meetings/2025-08-06.md
@@ -0,0 +1,94 @@
+# Node.js Technical Steering Committee (TSC) Meeting 2025-08-06
+
+## Links
+
+* **Recording**:  <https://www.youtube.com/watch?v=dtrWqmHiJdI>
+* **GitHub Issue**: <https://github.com/nodejs/TSC/issues/1774>
+* **Minutes Google Doc**: <https://docs.google.com/document/d/1D6VWgytcsxxdP3IAqedcmCqhpsiwB1LcoN2fh1JlL4E>
+
+## Present
+
+* Ruben Bridgewater @BridgeAR (voting member)
+* Joyee Cheung @joyeecheung (voting member)
+* Chengzhong Wu @legendecas (voting member)
+* Matteo Collina @mcollina (voting member)
+* Filip Skokan @panva (voting member)
+* Rafael Gonzaga @RafaelGSS (voting member)
+* Darshan Sen @RaisinTen (voting member)
+* Richard Lau @richardlau (voting member)
+* Ruy Adorno @ruyadorno (voting member)
+* Paolo Insogna @ShogunPanda (voting member)
+* Joe Sepi @joesepi (Guest - Node.js CPC rep)
+
+## Agenda
+
+### Announcements
+
+* Node.js 22.18.0 is out with type stripping support.
+* JSConf tickets are available with a collaborator discount.
+* Send your semver-major PRs for Node.js 25!
+
+### Reminders
+
+* Remember to nominate people for the [contributor spotlight](https://github.com/nodejs/node/blob/main/doc/contributing/reconizing-contributors.md#bi-monthly-contributor-spotlight)
+
+### CPC and Board Meeting Updates
+
+* Joe: CPC spent some time reviewing the data retention policy of the Foundation (GDPR), will need to ask Legal/Board. CoC v3 is on the way - the foundation would move to that version. Work being done to communicate/circulare the policy updates to the project.
+
+### nodejs/build
+
+* Require Physical 2fa for Build WG & Web Infra members [#4063](https://github.com/nodejs/build/issues/4063)
+  * Richard: it is not possible to make a requirement, and GitHub does not allow to differentiate. Should we disallow insecure 2FA (sms)? This should be discussed by the TSC as it’s a org wide decision. There are a few people who are using SMS as well. Should we dismiss this or move forward?
+  * Chengzhong: why physical 2FA is required? Would OnePassword be enough?
+  * Richard: HW is really inconvenient, but more security is always better.
+  * Chengzhong: is the only insecure method of 2FA the SMS one?
+  * Richard: I don’t know if there isn’t anything.
+  * Filip: OTP is included too. We should be protecting against phishing attacks. Passkey provides that level of security and they are available to everybody in modern browsers.
+  * Joyee: if we enforce secure 2FA, they cannot do any authentication requests in the org. Chromium/V8 already require committers to have secure keys like yubikeys.
+  * Paolo:
+  * Filip: … they are phishing resistant.
+  * Matteo: let’s move the issue to the admin repo
+  * Richard: I’ll move the issue and change the title.
+  * Joyee (side chat): maybe instead of handing out t-shirts at collab summit, we hand out yubikeys (+1 from Darshan, Chengzhong & Matteo)
+* Potentially transition to 1password for secrets management [#4039](https://github.com/nodejs/build/issues/4039)
+  * Rirchard: when someone doesn’t leave the team, we do not rotate the keys. The TSC does not have access to all secrets that have access our secrets for Infra. If we move secrets to our Vault, all TSC members will have access, and that will increase the exposure. Are we happy to widen the group of people? One suggestion is to move it to the OpenJS OnePassword
+  * Matteo: We could move the TSC members to not be owners and have a separate Vault.
+
+### nodejs/node
+
+* meta: clarify pr objection process further [#59096](https://github.com/nodejs/node/pull/59096)
+  * Chengzhong: Yagiz objected and James dismissed it after 7 days.
+  * Paolo and Rafael: the 7 days passing makes it possible to land
+  * Matteo: <https://github.com/nodejs/node/pull/59096#issuecomment-3160220476> - we are going to give another 7 days for Yagiz to engage in the discussion.
+
+### nodejs/Release
+
+* Proposal - Shift Node.js to Annual Major Releases and Shorten LTS Duration [#1113](https://github.com/nodejs/Release/issues/1113)
+  * Rafael: nothing to discuss, being worked on asynchronously
+
+### nodejs/TSC
+
+* Self nominating for the Moderation team  [#1773](https://github.com/nodejs/TSC/issues/1773)
+  * Matteo: vote is now open, thanks Antoine for setting it up
+* Interim TSC Election [#1763](https://github.com/nodejs/TSC/issues/1763)
+  * Matteo: we have a chair and vice-chairs!
+* Update charter with communication responsibilities [#1754](https://github.com/nodejs/TSC/pull/1754)
+  * Darshan: waiting for James and Matteo for some wording suggestions.
+* Self-serve model for funding Node.js work [#1747](https://github.com/nodejs/TSC/issues/1747)
+  * Darshan: James made a proposal, waiting to discuss with James in the call
+* Let's talk about the CI situation [#1614](https://github.com/nodejs/TSC/issues/1614)
+  * Matteo: nothing to add, lets keep it in the agend.
+
+### nodejs/web-team
+
+* chore(gov): remove web-standards [#20](https://github.com/nodejs/web-team/pull/20)
+  * Matteo we don’t have quorum. No objections from the current group.
+
+## Strategic Initiatives
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
