From 2fa52d3550a2ad577fdb24af88d31f7a91e72d02 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 7 Mar 2024 10:52:45 +0000 Subject: [PATCH] docs/Homebrew-Governance: clarify emergency text. --- docs/Homebrew-Governance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Homebrew-Governance.md b/docs/Homebrew-Governance.md index ba24aa3f1f..012d34ee9c 100644 --- a/docs/Homebrew-Governance.md +++ b/docs/Homebrew-Governance.md @@ -161,4 +161,4 @@ The TSC or PL may request a review in the event of noticeable no communication i The TSC will consider appeals no more than once per quarter per maintainer until the next AGM. The TSC will not consider any maintainer removal review until three months after the 2023 AGM. -In emergency situations, including but not limited to malicious commits, suspicious activity, abuse of resources, or any action or activity that could harm the security posture of the Homebrew codebase, systems, or organisation, the PL or anyone with the capability to remove privileges should remove a maintainer's privileges. Upon doing so, they must inform the PLC and the TSC. The PLC will review the impact of the situation for further action. The TSC will review the removal of any maintainer removed under this clause within two weeks and instruct the PL to restore the maintainer's privileges only if the situation is resolved. The TSC will document the situation in an incident report to be shared with members and recommend changes to security settings or this governance document to prevent the situation from occurring again. +In emergency situations, including but not limited to malicious commits, suspicious activity, abuse of resources, or any action or activity that could harm the security posture of the Homebrew codebase, systems, or organisation, the PL or anyone with the capability to remove privileges should remove any or all of a maintainer's access rights (e.g. to GitHub, Slack, 1Password, etc.). Upon doing so, they must inform the PLC and the TSC. The PLC will discuss the situation. The TSC will review the removal of any maintainer removed under this clause within two weeks and instruct the PL to restore the maintainer's privileges only if the situation is resolved. This is considered to be the maintainer removal appeal process, as mentioned above. The TSC will document the situation in an incident report to be shared with members and recommend changes to security settings, maintainer policy, this governance document or any additional measures required to prevent the situation from occurring again.