doc: update security release onboarding #42333

Merged: 3 commits, Mar 28, 2022
2 changes: 2 additions & 0 deletions doc/contributing/security-steward-on-off-boarding.md
Expand Up @@ -6,6 +6,7 @@
to the project and not to use/disclose to their employer.
* Add them to the security-stewards team in the GitHub nodejs-private
organization.
* Add them to the [public website team](https://github.com/orgs/nodejs/teams/website).
Member

Does there need to be a corresponding off boarding step?

Member

@Trott Trott Mar 15, 2022

I'm on the fence. It might be hard to determine whether someone should be left on the website group for other reasons. It may be better to leave it to a regular website member pruning process (automated or human-powered) which is something we don't currently have and need to figure out, actually.

* Ensure they have 2FA enabled in H1.
* Add them to the standard team in H1 using this
[page](https://hackerone.com/nodejs/team_members).
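
Review bot: The added on-boarding bullet "Add them to the public website team" gives no reason why a security steward needs membership of that team, so a later reader of the checklist cannot tell what the access is for or when it stops being needed. Suggest appending a short clause that states the purpose of the membership. As a style point, the line is much longer than the neighbouring bullets, which are wrapped; wrap it or move the URL to a reference-style link.
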
Expand All @@ -16,6 +17,7 @@

* Remove them from security-stewards team in the GitHub nodejs-private
organization.
* Remove them from public website team
* Unless they have access for another reason, remove them from the
standard team in H1 using this
[page](https://hackerone.com/nodejs/team_members).
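
Review bot: The added off-boarding bullet "Remove them from public website team" is unconditional, while the H1 step directly below it is guarded by "Unless they have access for another reason". The inline discussion already notes that a person may belong on the website team for other reasons, so the same guard should apply here, for example "Unless they have access for another reason, remove them from the [public website team](https://github.com/orgs/nodejs/teams/website)." The line also lacks the team link and the trailing period that its on-boarding counterpart has.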