CII-Best-Practices for Nodejs: Gold level

Open UlisesGascon opened this issue 2 years ago • 6 comments

Initiative: #953 Related: #955 and #1087

This pull request contains a dump of the current questions and answers for the Node.js project in OpenSSF Best Practices for Gold Level. The purpose is to review the current answers, update and comment on them until we have a final version, and then update the OpenSSF Best Practices site.

UlisesGascon • Apr 16 '23 16:04

@UlisesGascon overall a great pass though. One general suggestion is that we should probably include your comments on why met/unmet into what is landed as part of the PR versus just additional comments in the PR review?

mhdawson • Aug 29 '23 18:08

I will work on adding more context to the PR as I did in #1163 and #1162. Then we can re-review it again 👍. The discussions won't be lost even if I close them now because I will include the links.

UlisesGascon • Nov 26 '23 17:11

So the PR is back! Ready for review and feedback @nodejs/security. I added links to the documentation and the previous discussions.

UlisesGascon • Nov 26 '23 18:11

@UlisesGascon could you summarize to us what's missing to conclude this initiative/pr? Just #1190?

RafaelGSS • Mar 14 '24 13:03

@UlisesGascon could you summarize to us what's missing to conclude this initiative/pr? Just https://github.com/nodejs/security-wg/issues/1190?

I think that:

  • #1186
  • #1187
  • #1188
  • #1190

UlisesGascon • Mar 27 '24 10:03

This seems like something that shouldn't ever go stale?

ljharb • Aug 20 '24 02:08

@UlisesGascon reopen?

ljharb • Dec 03 '24 02:12