Skip to content

Latest commit

 

History

History
110 lines (78 loc) · 4.03 KB

CONTRIBUTOR-ROLE.md

File metadata and controls

110 lines (78 loc) · 4.03 KB

Contributor Roles

Security Team

Security Team members are listed in the Metal3 user-guide under the Project Security Policy. The security team is responsible for responding to all security issues reported to Metal3 project. The team can be reached at [email protected]. (Please do not report any security vulnerability to the committee members directly.) The security team ensures that the issues are mitigated and a responsible disclosure process is followed in a reasonable time. The security team has a designated Security Lead. Currently, Tuomo Tanskanen is acting as the Metal3 Security Lead. Below are the responsibilities of the Security team.

  • Responsibilities:

    • Thoroughly investigate all reports to the Security Team
    • Does not share any vulnerability information with others unless necessary to fix the issue
    • Security lead notifies the reporter as the security issue moves through the identification and resolution process
    • Uphold the Project Security Policy.
  • Qualifications:

    • Has a solid grasp of the overall architecture of Metal3, its usage in production environments, and its threat model.
    • Established the trust of Metal3 community members that they will uphold the security posture of Metal3
  • Privileges:

    • Access to security reports
    • Membership of the security team mailing list
    • Security Lead has elevated access to Metal3 github organization through the metal3_security_team GitHub team.

The process of becoming a security team member is:

  1. Nominated by a security team member and by an Metal3 Org Admin.
  2. Shadowing an existing security team member

CI Team

The CI team works to keep the CI infrastructure up and running. Please contact CI team at [email protected].

  • Responsibilities:

    • Keeping CI infrastructure healthy
    • Investigating CI infrastructure problems
    • Provide visibility into CI spend and status
  • Qualifications:

    • Must be a Metal3 Org member
    • A basic understanding of how the CI system works
  • Privileges:

    • Privileged access rights to configuring CI infrastructure is available to a small subset of people currently. The process definition of becoming a CI Team member is still work in progress.

Release Team

The Release team is responsible for releasing minor and patch releases from different repositories in Metal3. Please contact Release team at [email protected].

  • Responsibilities:

    • Making sure the repositories are ready to be released
    • Performing minor and patch releases
    • Communicate the releases to the community
  • Qualifications:

    • Must be a Metal3 Org member
    • A proper understanding of release process of different Metal3 repositories
  • Privileges:

    • Release team requires elevated access to Metal3 Github organization through the metal3_release_team Github team.

The process of becoming a release team member is:

  1. Nominated by a community member and seconded by an Metal3 Org Admin
  2. Shadowing an existing release team member

Maintainers

Maintainers are very established contributors who are responsible for the entire project. Detailed responsibilities and guideline to become a maintainer is documented here.

Onboarding / Off-boarding team members

  • Maintainers with Github org admin access are responsible for managing access permissions of different teams. They can also add/remove members in specific teams.
  • Maintainers and existing team members can onboard a new team member and onboard the member regarding the teams duties, rules and responsibilities.
  • Maintainers can also off-board a team member. In case a team member is off-boarded, any related secrets, passwords, keys etc should also be rotated.
  • If a team is completely inactive or deemed unnecessary, maintainers can remove the team based on consensus.