Chris de Almeida
## hierarchy of problems we are trying to solve for

1. false positives
   * the biggest collective headache this situation created was that all versions of the product were marked...

## next steps

- draft CNA guidance for:
  - unreleased/development branch potential vulns
  - maintainer (supplier) comms
  - if possible, set expectations to reduce "surprise" disclosures
  - when/how to populate...

> Is this really necessary?

_necessary_ is a strong word, but this has been a recurring problem with folks creating TLA PRs and it takes the chairs an inordinate amount...

> how important is it that this particular convention be followed?

this is a fair question and one that I can't answer definitively. one of the biggest reasons for the...

> If we want to reform acronyms of people

that's not what we're doing here

> an additional marker of semi-seniority for people with irregular TLAs

that's not the intent...

It's my fault for not including an explainer when I opened this PR, but the intent of this has been misunderstood and my attempts at clarification seem to have been...
thank you Samina! 🙏
plan to merge this on Friday, allowing for any last-minute feedback
ah just noticed filenames need to be fixed
we need a note in here about the possibility of continuing to run CI in older unsupported node versions so we know if/when a change clearly breaks back-compat. (we do...