In light of the various security concerns raised across open source over the last few weeks we should revisit our policy to become a CPC member and/or what level of internal access this role gives you.
Some suggestions to get the discussion started:
- prune membership every 3 months
- require presence and input during CPC meetings for a certain period of time before becoming a member
- have a separate security mailing list with maintainers + CPC voting members + chairs + board + security collab space members
- be championed by an existing CPC member
Given the extraordinary context, I'm going to exceptionally block open CPC membership requests until we've made progress on this issue. So let's prioritize moving forward with this asap.