diff --git a/README.md b/README.md index cd5bbfb1819a2e..def1132051456b 100644 --- a/README.md +++ b/README.md @@ -729,6 +729,30 @@ use these keys to verify a downloaded file. +### Security release stewards + +When possible, the commitment to take slots in the +security release steward rotation is made by companies in order +to ensure individuals who act as security stewards have the +support and recognition from their employer to be able to +prioritize security releases. Security release stewards manage security +releases on a rotation basis as outlined in the +[security release process](./doc/contributing/security-release-process.md). + +* Datadog + * [bengl](https://github.com/bengl) - + **Bryan English** <> (he/him) + * [vdeturckheim](https://github.com/vdeturckheim) - + **Vladimir de Turckheim** <> (he/him) +* NearForm + * [mcollina](https://github.com/mcollina) - + **Matteo Collina** <> (he/him) +* Red Hat and IBM + * [joesepi](https://github.com/joesepi)- + **Joe Sepi** <> (he/him) + * [mhdawson](https://github.com/mhdawson) - + **Michael Dawson** <> (he/him) + ## License Node.js is available under the diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 7fbf68152dd125..6aee4655ad75b8 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -6,6 +6,28 @@ Security Release and used to track progress on the release. It contains _**TEXT LIKE THIS**_ which will be replaced during the release process with the information described. +## Security release stewards + +For each security release, a security steward will take ownership for +coordinating the steps outlined in this process. Security stewards +are nominated through an issue in the TSC repository and approved +through the regular TSC consensus process. Once approved, they +are given access to all of the resources needed to carry out the +steps listed in the process as outlined in +[security steward on/off boarding](security-steward-on-off-boarding.md). + +The current security stewards are documented in the main Node.js +[README.md](https://github.com/nodejs/node#security-release-stewards). + +| Company | Person | Release Date | +| ---------- | -------- | ------------ | +| NearForm | Matteo | 2021-Oct-12 | +| Datadog | Bryan | 2022-Jan-10 | +| RH and IBM | Joe | | +| NearForm | Matteo | | +| Datadog | Vladimir | | +| RH and IBM | Michael | | + ## Planning * [ ] Open an [issue](https://github.com/nodejs-private/node-private) titled