process: describe sec team membership and policy

PR-URL: #56 Reviewed-By: Bryan English <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Vladimir Kurchatkin <[email protected]> Reviewed-By: Hitesh Kanwathirtha <[email protected]>
nodejs · Oct 27, 2017 · 129aaea · 129aaea
1 parent 886d2db
commit 129aaea
Showing 1 changed file with 92 additions and 0 deletions.
diff --git a/processes/security_team_members.md b/processes/security_team_members.md
@@ -0,0 +1,92 @@
+# Node.js Security Team
+
+Node.js security team members are expected to keep all information that they have
+privileged access to by being on the team completely private to the team. This
+includes agreeing to not notify anyone outside the team of issues that have not
+yet been disclosed publicly, including the existence of issues, expectations of
+upcoming releases, and patching of any issues other than in the process of their
+work as a member of the security team.
+
+Membership on the security teams can be requested via an issue in the TSC repo,
+and must be approved by current team members.
+
+Members of the security teams should indicate that they accept the privacy
+policies by PRing their acceptance to this file.
+
+## Team that triages security reports against node core
+
+- @bnoordhuis - **Ben Noordhuis**
+- @indutny - **Fedor Indutny**
+- @rvagg - **Rod Vagg**
+- @jasnell - **James M Snell**
+- @shigeki - **Shigeki Ohtsu**
+- @MylesBorins - **Myles Borins**
+
+List is from ["security" alias](https://github.com/nodejs/email/blob/master/iojs.org/aliases.json).
+
+## Team with access to security issues
+
+- @ChALkeR - **Сковорода Никита Андреевич**
+- @Fishrock123 - **Jeremiah Senkpiel**
+- @MylesBorins - **Myles Borins**
+- @Trott - **Rich Trott**
+- @addaleax - **Anna Henningsen**
+- @bnoordhuis - **Ben Noordhuis**
+- @cjihrig - **Colin Ihrig**
+- @dougwilson - **Douglas Wilson**
+- @ejratl - **Emily Ratliff**
+- @evanlucas - **Evan Lucas**
+- @evilpacket - **Adam Baldwin**
+- @grnd - **Danny Grander**
+- @indutny - **Fedor Indutny**
+- @jasnell - **James M Snell**
+- @jbergstroem - **Johan Bergström**
+- @joaocgreis - **João Reis**
+- @joshgav - **Josh Gavant**
+- @mhdawson - **Michael Dawson**
+- @mscdex - **Brian White**
+- @ofrobots - **Ali Ijaz Sheikh**
+- @rvagg - **Rod Vagg**
+- @saghul - **Saúl Ibarra Corretgé**
+- @sam-github - **Sam Roberts**
+- @shigeki - **Shigeki Ohtsu**
+- @targos - **Michaël Zasso**
+- @thefourtheye - **Sakthipriyan Vairamani**
+- @trevnorris - **Trevor Norris**
+
+List is from [nodejs/teams/security](https://github.com/orgs/nodejs/teams/security/members).
+
+## Team with access to private security patches
+
+- @addaleax     Anna Henningsen
+- @bnoordhuis	Ben Noordhuis
+- @ChALkeR	Сковорода Никита Андреевич
+- @cjihrig	Colin Ihrig
+- @dougwilson	Douglas Wilson
+- @evanlucas	Evan Lucas
+- @evilpacket	Adam Baldwin
+- @Fishrock123	Jeremiah Senkpiel
+- @hackygolucky	Tracy
+- @indutny	Fedor Indutny
+- @jasnell	James M Snell
+- @jbergstroem	Johan Bergström
+- @joaocgreis	João Reis
+- @joshgav	Josh Gavant
+- @mhdawson	Michael Dawson
+- @mrhinkle	Mark Hinkle
+- @MylesBorins	Myles Borins
+- @ofrobots	Ali Ijaz Sheikh
+- @rvagg	Rod Vagg
+- @saghul	Saúl Ibarra Corretgé
+- @sam-github	Sam Roberts
+- @targos	Michaël Zasso
+- @thefourtheye	Sakthipriyan Vairamani
+- @Trott	Rich Trott
+
+List is from
+[orgs/nodejs-private/people](https://github.com/orgs/nodejs-private/people),
+who have access to
+[nodejs-private/node-private](https://github.com/nodejs-private/node-private).
+
+Every member of the team with access to security issues should have access to
+the private security patches as well.