From f0693cb5f991b97356474c7a8c3707ec2cfc46d4 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 9 Dec 2021 17:12:43 -0500 Subject: [PATCH] doc: add security steward on/offboarding steps Signed-off-by: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/41129 Reviewed-By: James M Snell Reviewed-By: Richard Lau Reviewed-By: Luigi Pinca Reviewed-By: Rich Trott --- .../security-steward-on-off-boarding.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 doc/guides/security-steward-on-off-boarding.md diff --git a/doc/guides/security-steward-on-off-boarding.md b/doc/guides/security-steward-on-off-boarding.md new file mode 100644 index 00000000000000..19c058f1696bc8 --- /dev/null +++ b/doc/guides/security-steward-on-off-boarding.md @@ -0,0 +1,23 @@ +# Security Steward Onboarding/OffBoarding + +## Onboarding + +* Confirm the new steward agrees to keep all private information confidential + to the project and not to use/disclose to their employer. +* Add them to the security-stewards team in the GitHub nodejs-private + organization. +* Ensure they have 2FA enabled in H1. +* Add them to the standard team in H1 using this + [page](https://hackerone.com/nodejs/team_members). +* Add them as managers of the + [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list. + +## Offboarding + +* Remove them from security-stewards team in the GitHub nodejs-private + organization. +* Unless they have access for another reason, remove them from the + standard team in H1 using this + [page](https://hackerone.com/nodejs/team_members). +* Downgrade their account to regular member in the + [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.