Off-boarding task list - Githubissues

nodejs / Release

Node.js Release Working Group

4.04k stars 577 forks source link

Off-boarding task list #1039

Closed RafaelGSS closed 1 month ago

RafaelGSS commented 1 month ago

To proceed with https://github.com/nodejs/Release/issues/1036 we need to establish a off-boarding task list

I thought in:

[ ] Move to the Emeritus section in README
[ ] Remove from @nodejs/releasers and @nodejs/security-release team
[ ] If the user isn't in the security-external or security-release-stewards group, remove from nodejs-private org
[ ] Remove from nodejs-release-private Slack channel
[ ] Remove from HackerOne group access

Should we also drop all GPG keys from nodejs/release-keys?

richardlau commented 1 month ago

See https://github.com/nodejs/Release/blob/main/GOVERNANCE.md#offboarding-releasers. I turned that into a checklist for Myles' offboarding in https://github.com/nodejs/Release/pull/1024#issuecomment-2252941171

Should we also drop all GPG keys from nodejs/release-keys?

I'm not sure about this one, as you may still want to validate the signature of past releases. I don't think we resolved the discussion in https://github.com/nodejs/release-keys/pull/28#issuecomment-2161774112.

aduh95 commented 1 month ago

Should we also drop all GPG keys from nodejs/release-keys?

I agree that validating past releases should remain possible ideally; the project should have a way to mark those as "expired" though, in case the private key is leaked for example.

RafaelGSS commented 1 month ago

Thanks, I'll create the off-boarding issues