From c24c12570db0c418f7e67f9f4b577a9dd1928796 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Wed, 6 Aug 2025 19:22:54 +0200 Subject: [PATCH 1/3] docs: minutes for 2025-08-06 --- meetings/2025-08-06.md | 94 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 meetings/2025-08-06.md diff --git a/meetings/2025-08-06.md b/meetings/2025-08-06.md new file mode 100644 index 00000000..a50a565e --- /dev/null +++ b/meetings/2025-08-06.md 
@@ -0,0 +1,94 @@ +# Node.js Technical Steering Committee (TSC) Meeting 2025-08-06 + +## Links + +* **Recording**: +* **GitHub Issue**: +* **Minutes Google Doc**: + +## Present + +* Ruben Bridgewater @BridgeAR (voting member) +* Joyee Cheung @joyeecheung (voting member) +* Chengzhong Wu @legendecas (voting member) +* Matteo Collina @mcollina (voting member) +* Filip Skokan @panva (voting member) +* Rafael Gonzaga @RafaelGSS (voting member) +* Darshan Sen @RaisinTen (voting member) +* Richard Lau @richardlau (voting member) +* Ruy Adorno @ruyadorno (voting member) +* Paolo Insogna @ShogunPanda (voting member) +* Joe Sepi @joesepi (Guest - Node.js CPC rep) + +## Agenda + +### Announcements + +* Node.js 22.18.0 is out with type stripping support. +* JSConf tickets are available with a collaborator discount. +* Send your semver-major PRs for Node.js 25! + +### Reminders + +* Remember to nominate people for the [contributor spotlight](https://github.com/nodejs/node/blob/main/doc/contributing/reconizing-contributors.md#bi-monthly-contributor-spotlight) + +### CPC and Board Meeting Updates + +* Joe: CPC spent some time reviewing the data retention policy of the Foundation (GDPR), will need to ask Legal/Board. CoC v3 is on the way - the foundation would move to that version. Work being done to communicate/circulare the policy updates to the project. + +### nodejs/build + +* Require Physical 2fa for Build WG & Web Infra members [#4063](https://github.com/nodejs/build/issues/4063) + * Richard: it is not possible to make a requirement, and GitHub does not allow to differentiate. Should we disallow insecure 2FA (sms)? This should be discussed by the TSC as it’s a org wide decision. There are a few people who are using SMS as well. Should we dismiss this or move forward? + * Chengzhong: why physical 2FA is required? Would OnePassword be enough? + * Richard: HW is really inconvenient, but more security is always better. 
+ * Chengzhong: is the only insecure method of 2FA the SMS one? + * Richard: I don’t know if there isn’t anything. + * Filip: OTP is included too. We should be protecting against phishing attacks. Passkey provides that level of security and they are available to everybody in modern browsers. + * Joyee: if we enforce secure 2FA, they cannot do any authentication requests in the org. Chromium/V8 already require committers to have secure keys like yubikeys. + * Paolo: + * Filip: … they are phishing resistant. + * Matteo: let’s move the issue to the admin repo + * Richard: I’ll move the issue and change the title. + * Matteo: the foundation has no budget right now to fund Yubikeys for a team or even org-wide. +* Potentially transition to 1password for secrets management [#4039](https://github.com/nodejs/build/issues/4039) + * Rirchard: when someone doesn’t leave the team, we do not rotate the keys. The TSC does not have access to all secrets that have access our secrets for Infra. If we move secrets to our Vault, all TSC members will have access, and that will increase the exposure. Are we happy to widen the group of people? One suggestion is to move it to the OpenJS OnePassword + * Matteo: We could move the TSC members to not be owners and have a separate Vault. + +### nodejs/node + +* meta: clarify pr objection process further [#59096](https://github.com/nodejs/node/pull/59096) + * Chengzhong: Yagiz objected and James dismissed it after 7 days. + * Paolo and Rafael: the 7 days passing makes it possible to land + * Matteo: - we are going to give another 7 days for Yagiz to engage in the discussion. 
+ +### nodejs/Release + +* Proposal - Shift Node.js to Annual Major Releases and Shorten LTS Duration [#1113](https://github.com/nodejs/Release/issues/1113) + -Rafael: nothing to discuss, being worked on asynchronously + +### nodejs/TSC + +* Self nominating for the Moderation team [#1773](https://github.com/nodejs/TSC/issues/1773) + * Matteo: vote is now open, thanks Antoine for setting it up +* Interim TSC Election [#1763](https://github.com/nodejs/TSC/issues/1763) + * Matteo: we have a chair and vice-chairs! +* Update charter with communication responsibilities [#1754](https://github.com/nodejs/TSC/pull/1754) + * Darshan: waiting for James and Matteo for some wording suggestions. +* Self-serve model for funding Node.js work [#1747](https://github.com/nodejs/TSC/issues/1747) + * Darshan: James made a proposal, waiting to discuss with James in the call +* Let's talk about the CI situation [#1614](https://github.com/nodejs/TSC/issues/1614) + * Matteo: nothing to add, lets keep it in the agend. + +### nodejs/web-team + +* chore(gov): remove web-standards [#20](https://github.com/nodejs/web-team/pull/20) + * Matteo we don’t have quorum. No objections from the current group. + +## Strategic Initiatives + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. From ac3d165bea11826299b1facb293a1aea39d3176b Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Thu, 7 Aug 2025 05:30:22 -0700 Subject: [PATCH 2/3] Update meetings/2025-08-06.md Co-authored-by: Ruy Adorno --- meetings/2025-08-06.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meetings/2025-08-06.md b/meetings/2025-08-06.md index a50a565e..5d1ba669 100644 --- a/meetings/2025-08-06.md +++ b/meetings/2025-08-06.md 
@@ -65,7 +65,7 @@ ### nodejs/Release * Proposal - Shift Node.js to Annual Major Releases and Shorten LTS Duration [#1113](https://github.com/nodejs/Release/issues/1113) - -Rafael: nothing to discuss, being worked on asynchronously + * Rafael: nothing to discuss, being worked on asynchronously ### nodejs/TSC From d09636a58ae63d952f8f9a15b17b4f7537ad6bf5 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Thu, 7 Aug 2025 22:15:27 +0200 Subject: [PATCH 3/3] Update 2025-08-06.md Co-authored-by: Joyee Cheung --- meetings/2025-08-06.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meetings/2025-08-06.md b/meetings/2025-08-06.md index 5d1ba669..7dedec9f 100644 --- a/meetings/2025-08-06.md +++ b/meetings/2025-08-06.md @@ -50,7 +50,7 @@ * Filip: … they are phishing resistant. * Matteo: let’s move the issue to the admin repo * Richard: I’ll move the issue and change the title. - * Matteo: the foundation has no budget right now to fund Yubikeys for a team or even org-wide. + * Joyee (side chat): maybe instead of handing out t-shirts at collab summit, we hand out yubikeys (+1 from Darshan, Chengzhong & Matteo) * Potentially transition to 1password for secrets management [#4039](https://github.com/nodejs/build/issues/4039) * Rirchard: when someone doesn’t leave the team, we do not rotate the keys. The TSC does not have access to all secrets that have access our secrets for Infra. If we move secrets to our Vault, all TSC members will have access, and that will increase the exposure. Are we happy to widen the group of people? One suggestion is to move it to the OpenJS OnePassword * Matteo: We could move the TSC members to not be owners and have a separate Vault.
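Review bot: In [PATCH 1/3], the 1password entry under nodejs/build records "when someone doesn't leave the team, we do not rotate the keys", which may carry a stray negation, and the sentence after it ("The TSC does not have access to all secrets that have access our secrets for Infra") does not parse. These minutes are the written record of who can reach the Infra secrets and when keys are rotated, so please confirm the intended wording with Richard before this lands. In the same hunk, the 2FA discussion has an empty "* Paolo:" bullet, the Recording, GitHub Issue and Minutes Google Doc entries under Links are blank, and there are typos in "Rirchard", "circulare" and "agend". The contributor spotlight link points at "reconizing-contributors.md"; check that the URL resolves.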
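Review bot: In [PATCH 3/3] (hunk at -50,7), the line "Matteo: the foundation has no budget right now to fund Yubikeys for a team or even org-wide." is dropped rather than kept alongside the new side-chat bullet from Joyee. If the budget statement was made in the meeting, keep it and add the side-chat line as an extra bullet, since it is the only place the minutes record why hardware keys are not being funded. If it was removed because it was inaccurate, say so in the commit message, which currently reads only "Update 2025-08-06.md". The unchanged context lines of this hunk still show "Rirchard" and the "doesn't leave the team" wording, so the series does not fix either.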