mirror of
https://github.com/nodejs/node.git
synced 2025-08-15 13:48:44 +02:00
dfdfd2471f
This change is helpful when publishing release announcements. PR-URL: https://github.com/nodejs/node/pull/42333 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
25 lines
1 KiB
Markdown
25 lines
1 KiB
Markdown
# Security Steward Onboarding/OffBoarding
|
|
|
|
## Onboarding
|
|
|
|
* Confirm the new steward agrees to keep all private information confidential
|
|
to the project and not to use/disclose to their employer.
|
|
* Add them to the security-stewards team in the GitHub nodejs-private
|
|
organization.
|
|
* Add them to the [public website team](https://github.com/orgs/nodejs/teams/website).
|
|
* Ensure they have 2FA enabled in H1.
|
|
* Add them to the standard team in H1 using this
|
|
[page](https://hackerone.com/nodejs/team_members).
|
|
* Add them as managers of the
|
|
[nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.
|
|
|
|
## Offboarding
|
|
|
|
* Remove them from security-stewards team in the GitHub nodejs-private
|
|
organization.
|
|
* Remove them from public website team
|
|
* Unless they have access for another reason, remove them from the
|
|
standard team in H1 using this
|
|
[page](https://hackerone.com/nodejs/team_members).
|
|
* Downgrade their account to regular member in the
|
|
[nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.
|