From 7406443725415249203037bf25f88d4802eb2407 Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Fri, 8 Jun 2018 15:19:50 +0200 Subject: [PATCH 1/6] Improve contributing guidelines for security --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e02110b5747e5..902f6c7902d47 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -201,6 +201,10 @@ an advisor has time to code review, we will gladly welcome them back to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team. +For security reason, Maintainers should use 2FA for theirs accounts and +provide gpg signed commit. +https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ +https://help.github.com/articles/signing-commits-with-gpg/ ## Owners @@ -211,6 +215,8 @@ be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners. +For security reason, Maintainers must use 2FA for theirs accounts. +https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ After the election, the new owners should proactively agree with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the From 618d58091fb7616e2204a0fdbf70de5b425d99e4 Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Fri, 8 Jun 2018 15:22:19 +0200 Subject: [PATCH 2/6] Update CONTRIBUTING.md --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 902f6c7902d47..b36b151959216 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -201,8 +201,8 @@ an advisor has time to code review, we will gladly welcome them back to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team. -For security reason, Maintainers should use 2FA for theirs accounts and -provide gpg signed commit. +For security reasons, Maintainers should use 2FA for theirs accounts and +provide gpg signed commits. https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ https://help.github.com/articles/signing-commits-with-gpg/ @@ -215,7 +215,7 @@ be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners. -For security reason, Maintainers must use 2FA for theirs accounts. +For security reasons, Maintainers must use 2FA for theirs accounts. https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ After the election, the new owners should proactively agree From c5340c344f8b9d3984b1a6794c242d9985c38fad Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Fri, 8 Jun 2018 15:22:57 +0200 Subject: [PATCH 3/6] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b36b151959216..1018424fb334b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -202,7 +202,7 @@ to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team. For security reasons, Maintainers should use 2FA for theirs accounts and -provide gpg signed commits. +if possible provide gpg signed commits. https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ https://help.github.com/articles/signing-commits-with-gpg/ From b2f12a0fa8b27f90cb120f6e503a72691cd7d546 Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Fri, 8 Jun 2018 15:24:24 +0200 Subject: [PATCH 4/6] Update CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1018424fb334b..656cfee2b6d3d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -215,7 +215,7 @@ be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners. -For security reasons, Maintainers must use 2FA for theirs accounts. +For security reasons, Owners must use 2FA for theirs accounts. https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ After the election, the new owners should proactively agree From 7ec5da489864606350ec587cc2acb5d18fc50a18 Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Fri, 8 Jun 2018 19:16:00 +0200 Subject: [PATCH 5/6] Update CONTRIBUTING.md --- CONTRIBUTING.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 656cfee2b6d3d..ae57b67a0dce6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -215,7 +215,8 @@ be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners. -For security reasons, Owners must use 2FA for theirs accounts. +For security reasons, Owners or any account with write access (like a bot) +must use 2FA. https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ After the election, the new owners should proactively agree From 097b652c39c9cea994888ea21a25ff7a93c35d8b Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Sat, 9 Jun 2018 11:35:14 +0200 Subject: [PATCH 6/6] remove extra 's' --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ae57b67a0dce6..13f1ce41c4875 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -201,7 +201,7 @@ an advisor has time to code review, we will gladly welcome them back to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team. -For security reasons, Maintainers should use 2FA for theirs accounts and +For security reasons, Maintainers should use 2FA for their accounts and if possible provide gpg signed commits. https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ https://help.github.com/articles/signing-commits-with-gpg/