Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: add security steward on/offboarding steps #41129

Closed
wants to merge 9 commits into from

Conversation

mhdawson
Copy link
Member

@mhdawson mhdawson commented Dec 9, 2021

Signed-off-by: Michael Dawson mdawson@devrus.com

Signed-off-by: Michael Dawson <mdawson@devrus.com>
@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Dec 9, 2021
Comment on lines 11 to 14
* Add them to the
[jenkin-admins team](https://GitHub.com/orgs/nodejs/teams/jenkins-admins)
in the GitHub nodejs org. This is needed for them to be able
to lock/unlock the CI during a security release.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't object to this, but this is a change -- currently locking/unlocking the CI for a security release is documented as being something to request the build team to do (see the template issue text for "Notify build-wg of upcoming security release date by opening an issue in nodejs/build to request WG members are available to fix any CI issues." in https://github.com/nodejs/node/blob/master/doc/guides/security-release-process.md).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok that makes sense to me. I'll remove that part for now.

@Trott
Copy link
Member

Trott commented Dec 10, 2021

I wonder if this should be either in the TSC repo as part of the Security-Team.md or else in the nodejs-private meta repo to go along with the Triage team onboarding information there. We're starting to fragment documentation that logically should be in one place.

@Trott
Copy link
Member

Trott commented Dec 10, 2021

We're starting to fragment documentation that logically should be in one place.

Although I guess the security release docs are here, so ¯\(ツ)/¯.

Even if it's not as part of this PR, we should figure out a way to get all these docs in one place (or maybe two places if we need some private docs).

mhdawson and others added 2 commits December 10, 2021 13:04
Co-authored-by: Voltrex <mohammadkeyvanzade94@gmail.com>
Co-authored-by: Rich Trott <rtrott@gmail.com>
@mhdawson
Copy link
Member Author

@Trott these security release process doc used to be in the security-wg repo when I originally wrote it. Sam moved it over to her due to the lack of visibility of participation over there. I think for now at least keeping this new doc in the same place make sense.

@mhdawson
Copy link
Member Author

@richardlau updated.

@mhdawson
Copy link
Member Author

@bengl @vdeturckheim I removed you from the jenkins-admins as @richardlau pointed out we ask the build team members to do the CI lock/unlock.

@richardlau
Copy link
Member

@bengl @vdeturckheim I removed you from the jenkins-admins as @richardlau pointed out we ask the build team members to do the CI lock/unlock.

Just to reiterate -- I'm not against the idea of expanding who can do the CI lock/unlock but that warrants its own discussion/issue/pull request as it will be a change to what has been done up to now.

@mhdawson
Copy link
Member Author

@richardlau that's the way I understood your comment as well. Just wanted to line up what I did with current practice.

doc/guides/security-steward-on-off-boarding.md Outdated Show resolved Hide resolved
doc/guides/security-steward-on-off-boarding.md Outdated Show resolved Hide resolved
Copy link
Member

@Trott Trott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to add a note about setting 2FA in H1?

mhdawson and others added 2 commits December 15, 2021 16:43
Co-authored-by: Luigi Pinca <luigipinca@gmail.com>
Co-authored-by: Luigi Pinca <luigipinca@gmail.com>
@mhdawson
Copy link
Member Author

@Trott, added step to confirm they have 2FA enabled.
Will land once github actions complete.

mhdawson added a commit that referenced this pull request Dec 16, 2021
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@mhdawson
Copy link
Member Author

Landed in 13ee108

@mhdawson mhdawson closed this Dec 16, 2021
danielleadams pushed a commit that referenced this pull request Dec 16, 2021
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
danielleadams pushed a commit that referenced this pull request Dec 17, 2021
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
danielleadams pushed a commit that referenced this pull request Jan 31, 2022
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
danielleadams pushed a commit that referenced this pull request Jan 31, 2022
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Linkgoron pushed a commit to Linkgoron/node that referenced this pull request Jan 31, 2022
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: nodejs#41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
danielleadams pushed a commit that referenced this pull request Feb 1, 2022
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
@danielleadams danielleadams mentioned this pull request Feb 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
doc Issues and PRs related to the documentations.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants