Skip to content

Commit

Permalink
doc: add security steward on/offboarding steps
Browse files Browse the repository at this point in the history
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
mhdawson authored and danielleadams committed Dec 16, 2021
1 parent 0e4662d commit f530229
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions doc/guides/security-steward-on-off-boarding.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Security Steward Onboarding/OffBoarding

## Onboarding

* Confirm the new steward agrees to keep all private information confidential
to the project and not to use/disclose to their employer.
* Add them to the security-stewards team in the GitHub nodejs-private
organization.
* Ensure they have 2FA enabled in H1.
* Add them to the standard team in H1 using this
[page](https://hackerone.com/nodejs/team_members).
* Add them as managers of the
[nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.

## Offboarding

* Remove them from security-stewards team in the GitHub nodejs-private
organization.
* Unless they have access for another reason, remove them from the
standard team in H1 using this
[page](https://hackerone.com/nodejs/team_members).
* Downgrade their account to regular member in the
[nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.

0 comments on commit f530229

Please sign in to comment.