doc: add security steward on/offboarding steps #41129
Conversation
Signed-off-by: Michael Dawson <mdawson@devrus.com>
| * Add them to the | ||
| [jenkin-admins team](https://GitHub.com/orgs/nodejs/teams/jenkins-admins) | ||
| in the GitHub nodejs org. This is needed for them to be able | ||
| to lock/unlock the CI during a security release. |
There was a problem hiding this comment.
I don't object to this, but this is a change -- currently locking/unlocking the CI for a security release is documented as being something to request the build team to do (see the template issue text for "Notify build-wg of upcoming security release date by opening an issue in nodejs/build to request WG members are available to fix any CI issues." in https://github.com/nodejs/node/blob/master/doc/guides/security-release-process.md).
There was a problem hiding this comment.
Ok that makes sense to me. I'll remove that part for now.
|
I wonder if this should be either in the TSC repo as part of the Security-Team.md or else in the nodejs-private meta repo to go along with the Triage team onboarding information there. We're starting to fragment documentation that logically should be in one place. |
Although I guess the security release docs are here, so ¯\(ツ)/¯. Even if it's not as part of this PR, we should figure out a way to get all these docs in one place (or maybe two places if we need some private docs). |
Co-authored-by: Voltrex <mohammadkeyvanzade94@gmail.com>
Co-authored-by: Rich Trott <rtrott@gmail.com>
|
@Trott these security release process doc used to be in the security-wg repo when I originally wrote it. Sam moved it over to her due to the lack of visibility of participation over there. I think for now at least keeping this new doc in the same place make sense. |
|
@richardlau updated. |
|
@bengl @vdeturckheim I removed you from the jenkins-admins as @richardlau pointed out we ask the build team members to do the CI lock/unlock. |
Just to reiterate -- I'm not against the idea of expanding who can do the CI lock/unlock but that warrants its own discussion/issue/pull request as it will be a change to what has been done up to now. |
|
@richardlau that's the way I understood your comment as well. Just wanted to line up what I did with current practice. |
Co-authored-by: Luigi Pinca <luigipinca@gmail.com>
Co-authored-by: Luigi Pinca <luigipinca@gmail.com>
|
@Trott, added step to confirm they have 2FA enabled. |
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
|
Landed in 13ee108 |
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: nodejs#41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #41129 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Signed-off-by: Michael Dawson mdawson@devrus.com