ADMIN: add Kir Kolyshkin as a maintainer

[pcmoore]

We (@pcmoore and @drakenclimber) have asked @kolyshkin if he would like to join the libseccomp-goland project as a co-maintainer and he graciously agreed (thanks Kir!). This issue is intended to track all of the different things we need to do to ensure Kir is setup properly as a maintainer for the libseccomp-golang bindings.

NOTE: the list items below are subject to change based on the discussion in this issue.

• Verify that @kolyshkin has 2FA enabled for his GH account
• @kolyshkin should setup a PGP/GPG key if he hasn't already for tag/release signing (RELEASE_PROCESS.md is still a TODO)
• Update issue ADMIN: change maintainers of the libseccomp-golang project #36 with @kolyshkin's account
• Check and update README.md, CONTRIBUTING.md, SECURITY.md, and MAINTAINER_PROCESS.md (pending PR) if needed with @kolyshkin's info
• Grant @kolyshkin write access to seccomp/libseccomp-golang

[pcmoore]

@drakenclimber and @kolyshkin, please suggest any edits or new list items for the checklist above.

... and thanks again @kolyshkin for agreeing to help out!

[pcmoore]

Removed the mailing list item from the list above as the mailing list has been deprecated.

[kolyshkin]

@kolyshkin should setup a PGP/GPG key if he hasn't already for tag/release signing (RELEASE_PROCESS.md is still a TODO)

I have an RSA2048 key (which is probably not good enough these days but I'm lazy), see e.g.
https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x17de5ecb75a1100e

Check and update README.md, CONTRIBUTING.md, SECURITY.md, and MAINTAINER_PROCESS.md (pending PR) if needed with @kolyshkin's info

I took a look and the only place I see to which my name can/should be added is SECURITY.md. Here's a PR: #93

[pcmoore]

I have an RSA2048 key (which is probably not good enough these days but I'm lazy), see e.g. https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x17de5ecb75a1100e

Right now we're not doing any tag/release signing, so anything is an improvement :) I would encourage you to do all the usual PGP/GPG best practices, but right now I think just getting a process in place where we do the signing is a big step forward, regardless of the key size.

Check and update README.md, CONTRIBUTING.md, SECURITY.md, and MAINTAINER_PROCESS.md (pending PR) if needed with @kolyshkin's info

I took a look and the only place I see to which my name can/should be added is SECURITY.md. Here's a PR: #93

Thanks. I'm working on the docs now, hopefully we can get all of these issues closed out this week.

[pcmoore]

Oh, one more thing - if you upload your GPG key to GitHub (I see you did it at least once), it doesn't look like it strips the signatures like many other key servers (you can only upload your own key, so the 3rd party key poisoning danger isn't a real risk).

My key:

• https://github.com/pcmoore.gpg

[kolyshkin]

https://github.com/kolyshkin.gpg, although it is not signed by anyone else but me. I guess we can have a nano key signing party some day...

[pcmoore]

@drakenclimber @kolyshkin I think we've now ticked all the boxes up top - aside from the final ACL setup. Anyone think of anything else before I flip the switch?

[drakenclimber]

I can't think of anything. I think we're good to go

[pcmoore]

Cool, let's do this.

Unfortunately as I was going to add @kolyshkin I realized that GH needs us to first "invite" him to the org. Sigh. I just sent the official invite and as soon as he accepts we should be all set.

[kolyshkin]

Done

You are now a member of The libseccomp Project!

[drakenclimber]

Congrats!

All bugs are now assigned to you :)

[pcmoore]

Everything @drakenclimber already said, welcome @kolyshkin :)