✨ 2024-02-14 agenda

Author: ctcpip

README.md

@@ -4,7 +4,7 @@ This repository contains documents, agendas, and notes for the ECMAScript - Secu
 
 ## Agenda
 
-see [2023-12-13](meetings/notes/2023/2023-12-13.md) and [the backlog](meetings/notes/backlog.md) 👀
+see [2024-02-14](meetings/notes/2024/2024-02-14.md) and [the backlog](meetings/notes/backlog.md) 👀
 
 ## Meetings
 
@@ -14,6 +14,7 @@ Meeting link: <https://meet.google.com/rwh-opnw-cnk>
 
 <!-- DST below -->
 
+<!--
 ### 2nd Wednesday / Thursday each month (EMEA-friendly)
 
 |              |                 |
@@ -29,10 +30,10 @@ Meeting link: <https://meet.google.com/rwh-opnw-cnk>
 | US / Central | 20:00 Tuesday   |
 |          UTC | 01:00 Wednesday |
 |        China | 09:00 Wednesday |
+-->
 
 <!-- not DST below -->
 
-<!--
 ### 2nd Wednesday / Thursday each month (EMEA-friendly)
 
 |              |                 |
@@ -48,7 +49,6 @@ Meeting link: <https://meet.google.com/rwh-opnw-cnk>
 | US / Central | 20:00 Tuesday   |
 |          UTC | 02:00 Wednesday |
 |        China | 10:00 Wednesday |
--->
 
 ## Folks
 

meetings/notes/2024/2024-02-14.md

@@ -0,0 +1,25 @@
+# TG3 - 2024-02-14
+
+## Folks
+
+| Name      | GH Username     | TLA | Affiliation  |
+| --------- | --------------- | --- | ------------ |
+| Full Name | @githubUsername | FNE | organization |
+|           |                 |     |              |
+
+## Agenda
+
+> [!NOTE]
+> See [backlog.md](backlog.md) for outstanding action items and agenda topics.
+
+Happy Valentine's Day to all whom'st've celebrate! 💘
+
+| Topic                                                                                  | Presenter(s)     |
+| -------------------------------------------------------------------------------------- | ---------------- |
+| review issues in security repo                                                         | Chris de Almeida |
+| ? discuss [WasmGC shared memory proposal][wasm] / [shared structs proposal][structs] ? |                  |
+| ? does TC39 need a formal security review for proposals? [related issue][related]      |                  |
+
+[wasm]: https://github.com/WebAssembly/shared-everything-threads/blob/main/proposals/shared-everything-threads/Overview.md
+[structs]: https://github.com/tc39/proposal-structs
+[related]: https://github.com/tc39/security/issues/4

meetings/notes/backlog.md

@@ -2,19 +2,11 @@
 
 ## Action Items
 
-- ACTION (MM): reach out to Natalie Silvanovich for interest in participation
 - ACTION: do we move any issues from public `security` repo?
-- GH vulnerability disclosure reporting feature
-  - ACTION: CDA: better understanding of the GH reporting mechanism and details
-  - ACTION: need to understand what access GH has to vulnerability disclosure data
-- ACTION: CDA: look at new google meet settings to avoid host gatekeeping
 
 ## Agenda Items
 
-- incoming and outgoing vulnerability disclosure policy
-  - review notes from [2023-08-09](/meetings/notes/2023/2023-08-09.md) as that is where important feedback and unanswered questions appear
 - general policy on outside collaborators joining the meeting
-- should TG3 repo be public?
 - Strategies used and features/invariants relied upon to write secure programs today (Michael Ficarra)
 - Adopting something like the W3C Self-Review Questionnaire: Security and Privacy
   - IETF has a similar doc: <https://datatracker.ietf.org/doc/html/rfc3552>
@@ -37,8 +29,11 @@
 - Explore language capabilities that are undeniable, not virtualizable. (MF)
 - proposals
   - review security impact of (Shared) Structs proposal - <https://github.com/tc39/proposal-structs>
+    - and [WasmGC shared memory proposal](https://github.com/WebAssembly/shared-everything-threads/blob/main/proposals/shared-everything-threads/Overview.md)
   - does TC39 need a formal security review for proposals?
-    - JHD has a related issue on this: <http://github.com/tc39/process-document/pull/18>
+    - related issues on this:
+      - <https://github.com/tc39/security/issues/4>
+      - <http://github.com/tc39/process-document/pull/18>
 - MM: Existing code can run in hardened mode
   - biggest problem with running existing code in hardened mode wrt builtins is overriding
     - find a means to suppress override mistake (if possible)

reports/2024/04.md

@@ -0,0 +1,12 @@
+# 2024 April Plenary Report
+
+this is a shortlist of items to report to TG1
+
+if there are materials being presented at plenary, it would be good to add a link here
+
+## Updates
+
+- reminder of TG3 meeting times (copy from [README](/README.md))
+-
+
+## Items Seeking Committee Feedback and/or Consensus