Document GitHub and NPM Organisation Management Policy #30
Description
As a supporting document to the Governance, we should formally document how the LoopBack GitHub and NPM Organisations are managed, this may include (but is not limited to):
- Administrative ownership
- Security requirements (e.g. Multi-factor authentication)
- Teams/roles and the permissions delegated (e.g. to merge, to push to default branch)
- Policy and processes for adding third-party integration (e.g. Third-party GitHub Actions Workflow, NPM access tokens, third-party bots and services)
- Git Repository lifecycle management processes (i.e. for creation/archival/deletion/transfer of Git Repositories)
Prior art that we can take influence from: https://github.com/openjs-foundation/cross-project-council/blob/845960f44870e731c1208497c154952a87468b8d/governance/GITHUB_ORG_MANAGEMENT_POLICY.md