docs: update Contributing.md to clarify repo captain permissions #6357
Conversation
bjohansebas
added
docs
semver-ignore
|
There is no section that specifies the inactivity period for a committer or captain, it's only mentioned for TC and triage. It might be a good idea to document it as well. |
| @@ -120,7 +120,7 @@ active member steps down. | |||
| The Express TC can designate captains for individual projects/repos in the | |||
| organizations. These captains are responsible for being the primary | |||
| day-to-day maintainers of the repo on a technical and community front. | |||
| Repo captains are empowered with repo ownership and package publication rights. | |||
| Repo captains are empowered with maintain access and package publication rights. | |||
There was a problem hiding this comment.
I understand that only the TCs can have admin rights, but when it comes to security reports, with maintainer rights, it is not possible to publish or review those reports on GitHub. There are quite a few limitations with those permissions.
There was a problem hiding this comment.
I believe that this is intentional. Security reports should come through the security triage team first and the repo captains should be looped in once the initial triage has happened. So they would be individually added to applicable security issues/pr's/private forks.
Maybe I am wrong on that though? cc @UlisesGascon @ctcpip
There was a problem hiding this comment.
Re-posting this comment here:
We might also want to say "Repo captians are empowered to maintain the project with the repo maintain role and pacakge publication rights."?
|
This needs to be moved to the discussions repo |
This came up in expressjs/discussions#326, to clarify a bit the permissions of captains.