@@ -59,10 +59,9 @@ Onboarding new contributors to the PSRT
5959
6060Unlike most open-source contributions, the work of the PSRT doesn't happen
6161in the open. Instead, most work occurs privately by a trusted group to limit
62- access to undisclosed
63- vulnerability reports. Given the sensitive nature of this work, it appears opaque from the outside, and
64- it's difficult to get started as a newcomer and to understand the
65- expectations of the group.
62+ access to undisclosed vulnerability reports. Given the sensitive nature of this
63+ work, it appears opaque from the outside, and it's difficult to get started as a
64+ newcomer and to understand the expectations of the group.
6665
6766In practice this has meant that relatively few new members join the PSRT,
6867which over time could negatively impact the group's ability to triage reports
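Review bot: The rewrap at old lines 62-65 is unrelated to the membership-policy change in the rest of this commit; the removed and added lines carry the same words with different line breaks. Consider moving the reflow into its own commit so that the governance change can be reviewed without whitespace noise.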
@@ -154,19 +153,21 @@ Specification
154153PSRT Membership Policy
155154----------------------
156155
157- The Python Steering Council may add or remove members and admins of the PSRT.
158- New PSRT members must be core team members, triagers, or PSF staff,
159- and must be `proposed to and accepted `_ by the Steering Council.
156+ The PSRT will run nominations `similar to core team nominations `_, where
157+ a nomination of a new member is brought to the PSRT by an existing PSRT member
158+ and then that nomination is voted on by existing PSRT members.
159+ It is granted by receiving at least two-thirds positive votes from a vote of
160+ existing PSRT members that is open for one week and is not vetoed by the
161+ Steering Council.
160162
161- Once the Steering Council votes on a membership change to the PSRT then
162- PSRT admins will enact the change.
163163A list of PSRT members will be published publicly and kept up-to-date by PSRT
164164admins.
165165
166166Once per year the Steering Council will receive a report of inactive members of
167167the PSRT with the recommendation to remove the inactive users from the PSRT.
168168"Inactive" is defined here as a member who hasn't coordinated or commented on a
169169vulnerability report in the past year since the last report was generated.
170+ The Steering Council may remove members of the PSRT with a simple vote.
170171
171172Members of the PSRT who are a Release Manager or Steering Council
172173member may remain in the PSRT regardless of inactivity in vulnerability reports.
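Review bot: The new nomination paragraph (new lines 156-161) removes the eligibility sentence "New PSRT members must be core team members, triagers, or PSF staff" and puts nothing in its place, so the text no longer says who may be nominated to a group that handles undisclosed vulnerability reports. State the eligibility rule explicitly, even if the intent is "anyone an existing member nominates". In the same paragraph, "It is granted" has no antecedent (suggest "Membership is granted"), the two-thirds threshold does not say whether it counts votes cast or all existing members, and the Steering Council veto has no stated window relative to the one-week vote. At new line 170, "a simple vote" should say whether a simple majority is meant and whether removal is limited to the inactive members named in the yearly report or applies to any member.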
@@ -176,11 +177,7 @@ in the past year and without an exemption for minimum activity (Steering Council
176177Release Managers) prior to publication of this PEP. At the time of writing, this
177178would reduce the PSRT membership size to ~15 members from ~30.
178179
179- This PEP also proposes not removing members of the PSRT who are active but
180- not yet core team members or triagers, allowing them to be "legacied" in
181- to the new PSRT Membership Policy.
182-
183- .. _proposed to and accepted : https://github.com/python/steering-council/
180+ .. _similar to core team nominations : https://devguide.python.org/core-team/join-team/
184181
185182PSRT Admins
186183~~~~~~~~~~~
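Review bot: Deleting the paragraph at old lines 179-181 leaves the status of current members who are active but not core team members or triagers unstated. The surrounding context still describes removing inactive members and the drop from ~30 to ~15, so a reader cannot tell whether active members outside the core team stay. If they are no longer a special case under the new policy, one sentence saying so would close the gap; if they still need an exemption, the paragraph should be kept and reworded rather than removed.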
@@ -236,7 +233,7 @@ following additional responsibilities:
236233
237234* Managing the GitHub team, mailing list, Discord channel, and other
238235 PSRT venues to ensure they are synchronized with the canonical list of
239- PSRT members determined by the Steering Council .
236+ PSRT members.
240237* On a yearly basis, providing the Steering Council with a report including
241238 a list of inactive PSRT members.
242239
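Review bot: At new line 236, dropping "determined by the Steering Council" leaves "the canonical list of PSRT members" with no stated owner or location. Since admins synchronize the GitHub team, mailing list, Discord channel, and other venues against this list, name the source of truth (for example the publicly published member list mentioned under the membership policy) and who updates it after a nomination vote or a Steering Council removal, so that access in each venue can be checked against a single record.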