node/doc/contributing/security-steward-on-off-boarding.md
Joe Sepi dfdfd2471f
doc: update security release onboarding
This change is helpful when publishing release announcements.

PR-URL: https://github.com/nodejs/node/pull/42333
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2022-03-28 16:42:00 +01:00

1.0 KiB

Security Steward Onboarding/OffBoarding

Onboarding

  • Confirm the new steward agrees to keep all private information confidential to the project and not to use/disclose to their employer.
  • Add them to the security-stewards team in the GitHub nodejs-private organization.
  • Add them to the public website team.
  • Ensure they have 2FA enabled in H1.
  • Add them to the standard team in H1 using this page.
  • Add them as managers of the nodejs-sec mailing list.

Offboarding

  • Remove them from security-stewards team in the GitHub nodejs-private organization.
  • Remove them from public website team
  • Unless they have access for another reason, remove them from the standard team in H1 using this page.
  • Downgrade their account to regular member in the nodejs-sec mailing list.