doc: add security-steward rotation information

Add information about security stewards and rotation. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41707 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Bryan English <bryan@bryanenglish.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
nodejs · Feb 7, 2022 · c0629b4 · c0629b4
1 parent 032df4e
commit c0629b4
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -729,6 +729,30 @@ use these keys to verify a downloaded file.
 
 </details>
 
+### Security release stewards
+
+When possible, the commitment to take slots in the
+security release steward rotation is made by companies in order
+to ensure individuals who act as security stewards have the
+support and recognition from their employer to be able to
+prioritize security releases. Security release stewards manage security
+releases on a rotation basis as outlined in the
+[security release process](./doc/contributing/security-release-process.md).
+
+* Datadog
+  * [bengl](https://github.com/bengl) -
+    **Bryan English** <<bryan@bryanenglish.com>> (he/him)
+  * [vdeturckheim](https://github.com/vdeturckheim) -
+    **Vladimir de Turckheim** <<vlad2t@hotmail.com>> (he/him)
+* NearForm
+  * [mcollina](https://github.com/mcollina) -
+    **Matteo Collina** <<matteo.collina@gmail.com>> (he/him)
+* Red Hat and IBM
+  * [joesepi](https://github.com/joesepi)-
+    **Joe Sepi** <<joesepi@ibm.com>> (he/him)
+  * [mhdawson](https://github.com/mhdawson) -
+    **Michael Dawson** <<midawson@redhat.com>> (he/him)
+
 ## License
 
 Node.js is available under the

diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md
@@ -6,6 +6,28 @@ Security Release and used to track progress on the release. It contains _**TEXT
 LIKE THIS**_ which will be replaced during the release process with the
 information described.
 
+## Security release stewards
+
+For each security release, a security steward will take ownership for
+coordinating the steps outlined in this process. Security stewards
+are nominated through an issue in the TSC repository and approved
+through the regular TSC consensus process. Once approved, they
+are given access to all of the resources needed to carry out the
+steps listed in the process as outlined in
+[security steward on/off boarding](security-steward-on-off-boarding.md).
+
+The current security stewards are documented in the main Node.js
+[README.md](https://github.com/nodejs/node#security-release-stewards).
+
+| Company    | Person   | Release Date |
+| ---------- | -------- | ------------ |
+| NearForm   | Matteo   | 2021-Oct-12  |
+| Datadog    | Bryan    | 2022-Jan-10  |
+| RH and IBM | Joe      |              |
+| NearForm   | Matteo   |              |
+| Datadog    | Vladimir |              |
+| RH and IBM | Michael  |              |
+
 ## Planning
 
 * [ ] Open an [issue](https://github.com/nodejs-private/node-private) titled