Skip to content

Latest commit

 

History

History
32 lines (21 loc) · 2.71 KB

wg_onboarding.md

File metadata and controls

32 lines (21 loc) · 2.71 KB

On-boarding New Security WG Members

This document aims to provide a clear process for on-boarding new team members to the Node.js Security WG.

Introducing new members

New members may self-nominate themselves, or be nominated to join the WG by existing members. They share an affinity to web or software security research, or activism around security and the Node.js project. All of which make good criteria to join the team but are not a closed list.

The Buddy Program

Every new member should be assigned a buddy to help mentor and coach them through the on-boarding period, relevant processes and activities that the WG handles.

A buddy is an active member of the WG who is familiar with the above topics, and should be recommended on the nomination issue/PR.

How to nominate new members?

Open a Pull-Request in https://github.com/nodejs/security-wg that suggests to nominate a new team member. Provide as much background and context as possible which is relevant to this candidate and his potential future contributions to the Security WG.

References:

What happens next?

Patiently wait for feedback and +1’s from the team and a reasonable time to ensure nobody disagrees (7 days).

Setting-up for new WG members

Once acceptance has been acquired by group members, the following should take place to setup the new member:

  • Confirm that the new member has read, understands, and agrees to uphold the Code of Conduct. The work of triaging vulnerabilities in the Security WG is about handling sensitive matters with open source maintainers, and communication should be handled with care. If in doubt on how to communicate reach out to the Moderation team and ask for guidance. As a member of the Security WG please also be aware of public statements you make.
  • Mentor should ping @cjihrig, @mhdawson, @sam-github or @ChALkeR to add the new member to the repository.
  • New member should open a PR with his/her username added to the list in alphabetical order at: security-wg/README.md at master · nodejs/security-wg · GitHub
  • New member should enable 2FA in GitHub
  • New member should join the Security WG slack medium and confirm his identity by providing necessary slack user details in the following private discussion: Slack identity check