docs: update Contributing.md to clarify repo captain permissions#6357
docs: update Contributing.md to clarify repo captain permissions#6357bjohansebas wants to merge 1 commit intomasterfrom
Conversation
bjohansebas
added
docs
|
There is no section that specifies the inactivity period for a committer or captain, it's only mentioned for TC and triage. It might be a good idea to document it as well. |
| organizations. These captains are responsible for being the primary | ||
| day-to-day maintainers of the repo on a technical and community front. | ||
| Repo captains are empowered with repo ownership and package publication rights. | ||
| Repo captains are empowered with maintain access and package publication rights. |
There was a problem hiding this comment.
I understand that only the TCs can have admin rights, but when it comes to security reports, with maintainer rights, it is not possible to publish or review those reports on GitHub. There are quite a few limitations with those permissions.
There was a problem hiding this comment.
I believe that this is intentional. Security reports should come through the security triage team first and the repo captains should be looped in once the initial triage has happened. So they would be individually added to applicable security issues/pr's/private forks.
Maybe I am wrong on that though? cc @UlisesGascon @ctcpip
There was a problem hiding this comment.
Re-posting this comment here:
We might also want to say "Repo captians are empowered to maintain the project with the repo maintain role and pacakge publication rights."?
|
This needs to be moved to the discussions repo |
2 participants
This came up in expressjs/discussions#326, to clarify a bit the permissions of captains.