Add requirement that non-collaborator members be approved by the TSC (#3956)

mcollina · BridgeAR · web-flow · commit 1ebc9c1b3ce4 · 2024-11-21T15:05:04.000-05:00
* Add requirement that non-collaborator members be approved by the TSC

To avoid XY-style attacks, build-wg members should be highly trusted. Therefore, if they are not already Node.js collaborators, they should be approved by the TSC.

* Update GOVERNANCE.md

Co-authored-by: Ruben Bridgewater &lt;ruben@bridgewater.de&gt;

---------

Co-authored-by: Ruben Bridgewater &lt;ruben@bridgewater.de&gt;
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -56,7 +56,9 @@ should be aware of the bounds of their expertise and act accordingly.
   the basics of a trust relationship. The most two most straightforward paths
   to trust are:
   1. An established relationship with the Node.js project and its associated
-     working groups and activities. The longer the better.
+     working groups and activities. The longer the better. In case of doubt,
+     or if the individual is _not_ a Node.js Collaborator, contact the Node.js
+     TSC.
   2. A contractual relationship (such as employment) with a member company of
      the OpenJS Foundation. Contractual relationships carry legal weight and
      provide greater likelihood of a stable trust relationship; at a minimum
