From 1ebc9c1b3ce4d473ea946100c8fe5679181913fe Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Thu, 21 Nov 2024 21:05:04 +0100 Subject: [PATCH] Add requirement that non-collaborator members be approved by the TSC (#3956) * Add requirement that non-collaborator members be approved by the TSC To avoid XY-style attacks, build-wg members should be highly trusted. Therefore, if they are not already Node.js collaborators, they should be approved by the TSC. * Update GOVERNANCE.md Co-authored-by: Ruben Bridgewater --------- Co-authored-by: Ruben Bridgewater --- GOVERNANCE.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/GOVERNANCE.md b/GOVERNANCE.md index a9933f2c9..799a7d693 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -56,7 +56,9 @@ should be aware of the bounds of their expertise and act accordingly. the basics of a trust relationship. The most two most straightforward paths to trust are: 1. An established relationship with the Node.js project and its associated - working groups and activities. The longer the better. + working groups and activities. The longer the better. In case of doubt, + or if the individual is _not_ a Node.js Collaborator, contact the Node.js + TSC. 2. A contractual relationship (such as employment) with a member company of the OpenJS Foundation. Contractual relationships carry legal weight and provide greater likelihood of a stable trust relationship; at a minimum
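Review bot: In the sentence added to path 1 in GOVERNANCE.md, "contact the Node.js TSC" is weaker than the requirement the commit subject states, which is that non-collaborator members be approved by the TSC. As worded, simply notifying the TSC would satisfy the text: it does not say who makes the contact, what outcome is required, or where the decision is recorded. Suggest making approval the explicit gate, for example "if the individual is _not_ a Node.js Collaborator, they must be approved by the Node.js TSC", and stating where that approval is recorded so it can be audited later. "In case of doubt" also leaves the trigger to the judgment of whoever is adding the member; consider naming who makes that call.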