From bf17b02fcd8fa27f03ccb0cefe5740c974b7d1d5 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 26 Jan 2022 12:11:15 -0500 Subject: [PATCH 01/16] doc: add security-steward rotation information Add information about security stewards and rotation. Signed-off-by: Michael Dawson --- README.md | 26 ++++++++++++++++++++ doc/contributing/security-release-process.md | 24 ++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/README.md b/README.md index 80a71aca9dfbae..a686ab7a2579fe 100644 --- a/README.md +++ b/README.md @@ -729,6 +729,32 @@ use these keys to verify a downloaded file. +### Security Release Stewards + +When possible the commitment to take slots in the +security release steward rotation is made by companies in order +to ensure individuals who act as security stewards have the +support and recognition from their employer to be able to +prioritize security releases. Security release stewards manage security +releases on a rotation basis as outlined in the +[security release process](./doc/contributing/security-release-process.md). + +The current set of security release stewards is as follows: + +* Data Dog + * [bengl](https://github.com/bengl) - + **Bryan English** <> (he/him) + * [vdeturckheim](https://github.com/vdeturckheim) - + **Vladimir de Turckheim** <> (he/him) +* NearForm + * [mcollina](https://github.com/mcollina) - + **Matteo Collina** <> (he/him) +* Red Hat and IBM + * [mhdawson](https://github.com/mhdawson) - + **Michael Dawson** <> (he/him) + * [joesepi](https://github.com/joesepi)- + **Joe Sepi** <> (he/him) + ## License Node.js is available under the diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 7fbf68152dd125..0ea0085b9e2d3b 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md 
@@ -6,6 +6,30 @@ Security Release and used to track progress on the release. It contains _**TEXT LIKE THIS**_ which will be replaced during the release process with the information described. +## Security release stewards + +For each security release a Security steward will take ownership for +co-ordinating the steps outlined in this process. Security stewards +are nominated through an issue in the TSC repository and approved +through the regular TSC concensus process. Once approved they +are given access to all of the resources needed to carry out the +steps listed in the process as outined in +[security steward on/off boarding](security-steward-on-off-boarding.md). + +The current security stewards are documented in the main Node.js +[README.md](https://github.com/nodejs/node#security-stewards). + +The currently rotation is as follows: + +| Company | Person | Release Date | +| ---------- | -------- | ------------ | +| NearForm | Matteo | Oct 21 | +| Data Dog | Bryan | Jan 22 | +| RH and IBM | Joe | | +| NearForm | Matteo | | +| Data Dog | Vladimir | | +| RH and IBM | Michael | | + ## Planning * [ ] Open an [issue](https://github.com/nodejs-private/node-private) titled From fbd845674627dc2722b79ee8a783e33550e2164d Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 26 Jan 2022 12:30:05 -0500 Subject: [PATCH 02/16] Update doc/contributing/security-release-process.md --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 0ea0085b9e2d3b..b39f0414f1faa9 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md 
@@ -19,7 +19,7 @@ steps listed in the process as outined in The current security stewards are documented in the main Node.js [README.md](https://github.com/nodejs/node#security-stewards). -The currently rotation is as follows: +The current rotation is as follows: | Company | Person | Release Date | | ---------- | -------- | ------------ | From ae22a8fcbdb36a06c46350e86270ac09f50955b6 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 26 Jan 2022 15:20:10 -0500 Subject: [PATCH 03/16] Update README.md Co-authored-by: Bryan English --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a686ab7a2579fe..375fc04554c003 100644 --- a/README.md +++ b/README.md @@ -741,7 +741,7 @@ releases on a rotation basis as outlined in the The current set of security release stewards is as follows: -* Data Dog +* Datadog * [bengl](https://github.com/bengl) - **Bryan English** <> (he/him) * [vdeturckheim](https://github.com/vdeturckheim) - From e4428aeaa94d859076948459ae6c155f32b57a7e Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 26 Jan 2022 15:20:25 -0500 Subject: [PATCH 04/16] Update doc/contributing/security-release-process.md Co-authored-by: Mohammed Keyvanzadeh --- doc/contributing/security-release-process.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index b39f0414f1faa9..543224b6d09e78 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md 
@@ -8,12 +8,12 @@ information described. ## Security release stewards -For each security release a Security steward will take ownership for -co-ordinating the steps outlined in this process. Security stewards +For each security release, a security steward will take ownership for +coordinating the steps outlined in this process. Security stewards are nominated through an issue in the TSC repository and approved -through the regular TSC concensus process. Once approved they +through the regular TSC consensus process. Once approved they are given access to all of the resources needed to carry out the -steps listed in the process as outined in +steps listed in the process as outlined in [security steward on/off boarding](security-steward-on-off-boarding.md). The current security stewards are documented in the main Node.js From d5db2ffe1b0eab583a55bf86b863805b83774fa3 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 26 Jan 2022 15:21:11 -0500 Subject: [PATCH 05/16] Update doc/contributing/security-release-process.md Co-authored-by: Bryan English --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 543224b6d09e78..cfc7a87d7d8042 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -24,7 +24,7 @@ The current rotation is as follows: | Company | Person | Release Date | | ---------- | -------- | ------------ | | NearForm | Matteo | Oct 21 | -| Data Dog | Bryan | Jan 22 | +| Datadog | Bryan | Jan 22 | | RH and IBM | Joe | | | NearForm | Matteo | | | Data Dog | Vladimir | | From 3d465aafebea94329b4565ed93dbf3cbdf48fd6f Mon Sep 17 00:00:00 2001 
From: Michael Dawson Date: Wed, 26 Jan 2022 15:21:16 -0500 Subject: [PATCH 06/16] Update doc/contributing/security-release-process.md Co-authored-by: Danielle Adams <6271256+danielleadams@users.noreply.github.com> --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index cfc7a87d7d8042..2dedb99a5fb648 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -27,7 +27,7 @@ The current rotation is as follows: | Datadog | Bryan | Jan 22 | | RH and IBM | Joe | | | NearForm | Matteo | | -| Data Dog | Vladimir | | +| Datadog | Vladimir | | | RH and IBM | Michael | | ## Planning From ad6dc59831fb56625c85932aa0127e4e0702151f Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Wed, 26 Jan 2022 16:41:39 -0500 Subject: [PATCH 07/16] Update doc/contributing/security-release-process.md --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 2dedb99a5fb648..4c2d4ec2f8ae5a 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -27,7 +27,7 @@ The current rotation is as follows: | Datadog | Bryan | Jan 22 | | RH and IBM | Joe | | | NearForm | Matteo | | -| Datadog | Vladimir | | +| Datadog | Vladimir | | | RH and IBM | Michael | | ## Planning From 23d25d8986b331042922ba2abb16abfa6236100c Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:05:04 -0500 Subject: [PATCH 08/16] Update README.md Co-authored-by: Rich Trott --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 375fc04554c003..ba2b18657d989d 100644 --- a/README.md +++ b/README.md 
@@ -731,7 +731,7 @@ use these keys to verify a downloaded file. ### Security Release Stewards -When possible the commitment to take slots in the +When possible, the commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to From be0175d6112ae42faa8e9db9ebec3556275af380 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:05:17 -0500 Subject: [PATCH 09/16] Update README.md Co-authored-by: Rich Trott --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba2b18657d989d..e58ea8a58d8ec9 100644 --- a/README.md +++ b/README.md @@ -750,10 +750,10 @@ The current set of security release stewards is as follows: * [mcollina](https://github.com/mcollina) - **Matteo Collina** <> (he/him) * Red Hat and IBM - * [mhdawson](https://github.com/mhdawson) - - **Michael Dawson** <> (he/him) * [joesepi](https://github.com/joesepi)- **Joe Sepi** <> (he/him) + * [mhdawson](https://github.com/mhdawson) - + **Michael Dawson** <> (he/him) ## License From 94d6d7e56fd68d11794802041081c276ac9d051d Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:05:24 -0500 Subject: [PATCH 10/16] Update doc/contributing/security-release-process.md Co-authored-by: Rich Trott --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 4c2d4ec2f8ae5a..3fa6f8029d221b 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md 
@@ -11,7 +11,7 @@ information described. For each security release, a security steward will take ownership for coordinating the steps outlined in this process. Security stewards are nominated through an issue in the TSC repository and approved -through the regular TSC consensus process. Once approved they +through the regular TSC consensus process. Once approved, they are given access to all of the resources needed to carry out the steps listed in the process as outlined in [security steward on/off boarding](security-steward-on-off-boarding.md). From b6805db04ce0f0dbcb259730961d2fe6e3fb4458 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:05:52 -0500 Subject: [PATCH 11/16] Update doc/contributing/security-release-process.md Co-authored-by: Rich Trott --- doc/contributing/security-release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 3fa6f8029d221b..fa992b933bbcd8 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -17,7 +17,7 @@ steps listed in the process as outlined in [security steward on/off boarding](security-steward-on-off-boarding.md). The current security stewards are documented in the main Node.js -[README.md](https://github.com/nodejs/node#security-stewards). +[README.md](https://github.com/nodejs/node#security-release-stewards). The current rotation is as follows: From c98a1f70bb59c3f0130bc1e529afb98e88009094 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:06:03 -0500 Subject: [PATCH 12/16] Update README.md Co-authored-by: Rich Trott --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index e58ea8a58d8ec9..1cab127b39ad21 100644 --- a/README.md +++ b/README.md 
@@ -739,8 +739,6 @@ prioritize security releases. Security release stewards manage security releases on a rotation basis as outlined in the [security release process](./doc/contributing/security-release-process.md). -The current set of security release stewards is as follows: - * Datadog * [bengl](https://github.com/bengl) - **Bryan English** <> (he/him) From 108ea44f02afdfa79242fa7adb8fb223cbcf3a5c Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:06:11 -0500 Subject: [PATCH 13/16] Update README.md Co-authored-by: Rich Trott --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1cab127b39ad21..39b7a3cdd43dec 100644 --- a/README.md +++ b/README.md @@ -729,7 +729,7 @@ use these keys to verify a downloaded file. -### Security Release Stewards +### Security release stewards When possible, the commitment to take slots in the security release steward rotation is made by companies in order From e854d71149dc0e0eda2eb2957ef2951df38b4c60 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Thu, 27 Jan 2022 09:06:24 -0500 Subject: [PATCH 14/16] Update doc/contributing/security-release-process.md Co-authored-by: Rich Trott --- doc/contributing/security-release-process.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index fa992b933bbcd8..f5de677f443815 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -19,8 +19,6 @@ steps listed in the process as outlined in The current security stewards are documented in the main Node.js [README.md](https://github.com/nodejs/node#security-release-stewards). -The current rotation is as follows: - | Company | Person | Release Date | | ---------- | -------- | ------------ | | NearForm | Matteo | Oct 21 | From 956b31d849e3715ebe3fdf85b397f88afaad6981 Mon Sep 17 00:00:00 2001 
From: Michael Dawson Date: Thu, 27 Jan 2022 09:06:35 -0500 Subject: [PATCH 15/16] Update doc/contributing/security-release-process.md Co-authored-by: Rich Trott --- doc/contributing/security-release-process.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index f5de677f443815..2d5a129f3354ef 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -21,8 +21,8 @@ The current security stewards are documented in the main Node.js | Company | Person | Release Date | | ---------- | -------- | ------------ | -| NearForm | Matteo | Oct 21 | -| Datadog | Bryan | Jan 22 | +| NearForm | Matteo | 2021-Oct-21 | +| Datadog | Bryan | 2022-Jan-22 | | RH and IBM | Joe | | | NearForm | Matteo | | | Datadog | Vladimir | | From 2cc87205cbf8b8e659c3bb60a94820f772d8bd93 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Fri, 28 Jan 2022 17:15:45 -0500 Subject: [PATCH 16/16] Update doc/contributing/security-release-process.md Co-authored-by: Richard Lau --- doc/contributing/security-release-process.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 2d5a129f3354ef..6aee4655ad75b8 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -21,8 +21,8 @@ The current security stewards are documented in the main Node.js | Company | Person | Release Date | | ---------- | -------- | ------------ | -| NearForm | Matteo | 2021-Oct-21 | -| Datadog | Bryan | 2022-Jan-22 | +| NearForm | Matteo | 2021-Oct-12 | +| Datadog | Bryan | 2022-Jan-10 | | RH and IBM | Joe | | | NearForm | Matteo | | | Datadog | Vladimir | |
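Review bot: In the README.md hunk of PATCH 01/16, the Joe Sepi entry reads `[joesepi](https://github.com/joesepi)-` with no space before the trailing hyphen, while every other entry in the list uses `) -`. PATCH 09/16 reorders the two Red Hat and IBM entries but carries that line over unchanged, so the series still ends with it. Suggest `* [joesepi](https://github.com/joesepi) -` to match the surrounding entries.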
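Review bot: The new "Security release stewards" section in doc/contributing/security-release-process.md (PATCH 01/16) documents the grant of access ("they are given access to all of the resources needed") but not its removal. Because the section describes a rotation and links to a document titled "security steward on/off boarding", suggest adding one sentence here saying that access is removed when a steward leaves the rotation, so that the grant and the revocation are stated together. The diffstat for this patch lists only README.md and security-release-process.md, so it is also worth confirming that the relative link target `security-steward-on-off-boarding.md` already exists next to this file.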
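Review bot: PATCH 05/16 and PATCH 06/16 normalise `Data Dog` to `Datadog` in the rotation table, but the `RH and IBM` rows visible in the same hunks still differ from the `Red Hat and IBM` label used for the same group in the README.md list. Suggest using one spelling in both files so that a reader can match a table row to the README entry without guessing.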
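Review bot: Removing `The current rotation is as follows:` in PATCH 14/16 leaves the Company / Person / Release Date table directly under the sentence that sends readers to the README for the current stewards, so the table now reads as a second steward list rather than a rotation schedule. Suggest keeping a short lead-in that says the rows are the rotation order, and stating what an empty Release Date cell means.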
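Review bot: The Release Date cells in PATCH 16/16, `2021-Oct-12` and `2022-Jan-10`, use a year-first format with a month abbreviation, which is not ISO 8601 and does not sort lexically within a year. Suggest `2021-10-12` and `2022-01-10`. The day values also changed between PATCH 15/16 (`2021-Oct-21`, `2022-Jan-22`) and this patch, so a note in the commit message on where the corrected dates come from would help later readers trust the table.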