Skip to content

Commit

Permalink
doc: add security steward on/offboarding steps
Browse files Browse the repository at this point in the history
Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #41129
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
mhdawson authored and danielleadams committed Feb 1, 2022
1 parent 5ac6027 commit f0693cb
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions doc/guides/security-steward-on-off-boarding.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Security Steward Onboarding/OffBoarding

## Onboarding

* Confirm the new steward agrees to keep all private information confidential
to the project and not to use/disclose to their employer.
* Add them to the security-stewards team in the GitHub nodejs-private
organization.
* Ensure they have 2FA enabled in H1.
* Add them to the standard team in H1 using this
[page](https://hackerone.com/nodejs/team_members).
* Add them as managers of the
[nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.

## Offboarding

* Remove them from security-stewards team in the GitHub nodejs-private
organization.
* Unless they have access for another reason, remove them from the
standard team in H1 using this
[page](https://hackerone.com/nodejs/team_members).
* Downgrade their account to regular member in the
[nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.

0 comments on commit f0693cb

Please sign in to comment.