THIS IS A TEST INSTANCE ONLY! REPOSITORIES CAN BE DELETED AT ANY TIME!

Browse Source

Add security advice to contrib guide (#4187)

* Improve contributing guidelines for security
tags/v1.5.0-dev
Antoine GIRARD 1 year ago
parent
commit
048468560f
1 changed files with 7 additions and 0 deletions
  1. 7
    0
      CONTRIBUTING.md

+ 7
- 0
CONTRIBUTING.md View File

@@ -201,6 +201,10 @@ an advisor has time to code review, we will gladly welcome them back
201 201
 to the maintainers team. If a maintainer is inactive for more than 3
202 202
 months and forgets to leave the maintainers team, the owners may move
203 203
 him or her from the maintainers team to the advisors team.
204
+For security reasons, Maintainers should use 2FA for their accounts and
205
+if possible provide gpg signed commits. 
206
+https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
207
+https://help.github.com/articles/signing-commits-with-gpg/
204 208
 
205 209
 ## Owners
206 210
 
@@ -211,6 +215,9 @@ be the main owner, and the other two the assistant owners. When the new
211 215
 owners have been elected, the old owners will give up ownership to the
212 216
 newly elected owners. If an owner is unable to do so, the other owners
213 217
 will assist in ceding ownership to the newly elected owners.
218
+For security reasons, Owners or any account with write access (like a bot)
219
+must use 2FA.
220
+https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
214 221
 
215 222
 After the election, the new owners should proactively agree
216 223
 with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the

Loading…
Cancel
Save