Skip to content

Commit

Permalink
Add requirement that non-collaborator members be approved by the TSC
Browse files Browse the repository at this point in the history
To avoid XY-style attacks, build-wg members should be highly trusted. Therefore, if they are not already Node.js collaborators, they should be approved by the TSC.
  • Loading branch information
mcollina authored Nov 11, 2024
1 parent 924eacb commit e20017f
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions GOVERNANCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,10 @@ should be aware of the bounds of their expertise and act accordingly.
the basics of a trust relationship. The most two most straightforward paths
to trust are:
1. An established relationship with the Node.js project and its associated
working groups and activities. The longer the better.
2. A contractual relationship (such as employment) with a member company of
working groups and activities. The longer the better. In case of doubt,
or if the individual is _not_ a Node.js Collaborator, contact the Node.js
TSC.
3. A contractual relationship (such as employment) with a member company of
the OpenJS Foundation. Contractual relationships carry legal weight and
provide greater likelihood of a stable trust relationship; at a minimum
they establish strong legal accountability.
Expand Down

0 comments on commit e20017f

Please sign in to comment.