admin icon indicating copy to clipboard operation
admin copied to clipboard
verified publisher icon nodejs

Node.js Coverity project maintainers

Open richardlau opened this issue 1 year ago • 2 comments

Currently the offboarding process for nodejs/node collaborators has this: https://github.com/nodejs/node/blob/e92446536ed4e268c9eef6ae6f911e384c98eecf/doc/contributing/offboarding.md?plain=1#L20-L23

  • Open an issue in the nodejs/build repository titled Remove Collaborator from Coverity asking that the collaborator be removed from the Node.js coverity project if they had access.

This is for Node.js project we have with the static analysis Coverity tool at: https://scan.coverity.com/projects/node-js

There are currently five people with Maintainer/Owner role -- three from the Build WG, one from the TSC and one former Build WG/TSC.

Historically Build have had a maintainer role to be able to download the build tool from Coverity that is run on the CI to upload scans to Coverity.

I think the Coverity project should have other maintainers -- either the @nodejs/tsc or a subset such as the @nodejs/security-wg (since the items flagged by the tool are potentially exploitable) and am opening this issue to discuss if we want to expand/formalize who can manage membership of this account.

richardlau avatar Oct 21 '24 17:10 richardlau

I'd be happy to be added.

mcollina avatar Oct 22 '24 07:10 mcollina

+1 TSC as owners

RafaelGSS avatar Oct 30 '24 15:10 RafaelGSS