From e20017fe2fb0697f9844df15d51a9a97b3610461 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Mon, 11 Nov 2024 09:41:55 +0100 Subject: [PATCH 1/2] Add requirement that non-collaborator members be approved by the TSC To avoid XY-style attacks, build-wg members should be highly trusted. Therefore, if they are not already Node.js collaborators, they should be approved by the TSC. --- GOVERNANCE.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/GOVERNANCE.md b/GOVERNANCE.md index a9933f2c9..05087be8d 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -56,8 +56,10 @@ should be aware of the bounds of their expertise and act accordingly. the basics of a trust relationship. The most two most straightforward paths to trust are: 1. An established relationship with the Node.js project and its associated - working groups and activities. The longer the better. - 2. A contractual relationship (such as employment) with a member company of + working groups and activities. The longer the better. In case of doubt, + or if the individual is _not_ a Node.js Collaborator, contact the Node.js + TSC. + 3. A contractual relationship (such as employment) with a member company of the OpenJS Foundation. Contractual relationships carry legal weight and provide greater likelihood of a stable trust relationship; at a minimum they establish strong legal accountability. From 7bf51a1ab951611eaad136f1718755fd2e408560 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Mon, 11 Nov 2024 21:51:38 +0100 Subject: [PATCH 2/2] Update GOVERNANCE.md Co-authored-by: Ruben Bridgewater --- GOVERNANCE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 05087be8d..799a7d693 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md 
@@ -59,7 +59,7 @@ should be aware of the bounds of their expertise and act accordingly. working groups and activities. The longer the better. In case of doubt, or if the individual is _not_ a Node.js Collaborator, contact the Node.js TSC. - 3. A contractual relationship (such as employment) with a member company of + 2. A contractual relationship (such as employment) with a member company of the OpenJS Foundation. Contractual relationships carry legal weight and provide greater likelihood of a stable trust relationship; at a minimum they establish strong legal accountability.
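Review bot: In PATCH 1/2, the text added to item 1 says only to "contact the Node.js TSC", while the subject line states that non-collaborator members must be approved by the TSC. As written, the sentence does not say who contacts the TSC or that approval is required, so it reads as advice rather than a requirement. Suggest stating it explicitly, for example that an individual who is not a Node.js Collaborator must be approved by the TSC, and keeping that separate from the "In case of doubt" case. The same hunk also renumbers the second path from 2 to 3, which leaves the list as 1, 3, and the unchanged context line above it still reads "The most two most straightforward paths".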
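Review bot: In PATCH 2/2, the hunk only restores the list number that PATCH 1/2 changed from 2 to 3, and the subject "Update GOVERNANCE.md" does not say so. Suggest squashing this fixup into PATCH 1/2 so the series never carries the 1, 3 numbering, or giving it a subject that describes the change. The "contact the Node.js TSC" wording in the context lines is untouched here, so the difference between that text and the approval requirement named in the first commit's subject remains.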