From 9df44b4c5f5c80278c56b9f5dee49d25ccab4086 Mon Sep 17 00:00:00 2001 From: "Rafael Gonzaga rafael.nunu@hotmail.com" Date: Wed, 19 Mar 2025 12:44:51 -0300 Subject: [PATCH 1/2] doc: add Slack as resource to maintainers threat model As discussed in the Security team meeting, we should also include slack to the list of resources --- MAINTAINERS_THREAT_MODEL.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/MAINTAINERS_THREAT_MODEL.md b/MAINTAINERS_THREAT_MODEL.md index 1551f9b3f..2459568f5 100644 --- a/MAINTAINERS_THREAT_MODEL.md +++ b/MAINTAINERS_THREAT_MODEL.md @@ -57,6 +57,7 @@ repositories in the org, like Working groups or subteams. | **Social media accounts** | - | -\-\- | -\-\- | -\-\-| -\-\- | -\- | - | | **Email** (nodejs-sec) | r | rrr | rrr | awr | wrr | rr | - | | **Email** (io.js aliases) | r | -\-\- | -a- | w-\- | -\-\- | -\- | - | +| **Slack** | r | rrr | rrr | rrrr | rrr | -\w | r | Repos under nodejs which do not include code, are not covered as they cannot lead to the threats listed. pkgjs.org is excluded as it does not include code/repos that make it into Node.js binaries @@ -103,6 +104,7 @@ or inderictly (builds process/testing) | **Social media accounts** | - | N\A | | **Email** (nodejs-sec) | - | N\A | | **Email** (io.js aliases) | - | N\A | +| **Slack** | - | N\A | ### Malicious release binary generation in Node.js release/build processes @@ -156,6 +158,7 @@ scripts, pollute plugins, overwrite configuration...) | **Social media accounts** | - | N\A | | **Email** (nodejs-sec) | - | N\A | | **Email** (io.js aliases) | - | N\A | +| **Slack** | - | N\A | Notes: @@ -190,3 +193,4 @@ Notes: | **Social media accounts** | - | N\A | | **Email** (nodejs-sec) | - | N\A | | **Email** (io.js aliases) | - | N\A | +| **Slack** | - | N\A | From ed142d39d48c26b5d4017103f481f549e00782ad Mon Sep 17 00:00:00 2001 
From: "Rafael Gonzaga rafael.nunu@hotmail.com" Date: Wed, 19 Mar 2025 12:55:34 -0300 Subject: [PATCH 2/2] doc: add Calendar as resource to maintainers threat model As discussed in the Security team meeting --- MAINTAINERS_THREAT_MODEL.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/MAINTAINERS_THREAT_MODEL.md b/MAINTAINERS_THREAT_MODEL.md index 2459568f5..1c7f95a35 100644 --- a/MAINTAINERS_THREAT_MODEL.md +++ b/MAINTAINERS_THREAT_MODEL.md @@ -58,6 +58,7 @@ repositories in the org, like Working groups or subteams. | **Email** (nodejs-sec) | r | rrr | rrr | awr | wrr | rr | - | | **Email** (io.js aliases) | r | -\-\- | -a- | w-\- | -\-\- | -\- | - | | **Slack** | r | rrr | rrr | rrrr | rrr | -\w | r | +| **Calendar** | r | rrr | rrr | rrrr | rrr | -\- | r | Repos under nodejs which do not include code, are not covered as they cannot lead to the threats listed. pkgjs.org is excluded as it does not include code/repos that make it into Node.js binaries @@ -105,6 +106,7 @@ or inderictly (builds process/testing) | **Email** (nodejs-sec) | - | N\A | | **Email** (io.js aliases) | - | N\A | | **Slack** | - | N\A | +| **Calendar** | - | N\A | ### Malicious release binary generation in Node.js release/build processes @@ -159,6 +161,7 @@ scripts, pollute plugins, overwrite configuration...) | **Email** (nodejs-sec) | - | N\A | | **Email** (io.js aliases) | - | N\A | | **Slack** | - | N\A | +| **Calendar** | - | N\A | Notes: @@ -194,3 +197,4 @@ Notes: | **Email** (nodejs-sec) | - | N\A | | **Email** (io.js aliases) | - | N\A | | **Slack** | - | N\A | +| **Calendar** | - | N\A |
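Review bot: In PATCH 1/2, the new Slack row in the access table (hunk @@ -57,6 +57,7) has two cells that do not match the rows around it. The fifth cell is `rrrr`, four flags, where the Email rows carry three flags in that column (`awr`, `w-\-`). The seventh cell is `-\w`, which escapes a letter rather than a dash, so the backslash is likely to render literally, unlike the `-\-` cell in the row above. Suggest writing the seventh cell as `-w` and either trimming the fifth cell to three flags or documenting what the fourth flag stands for.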
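Review bot: In PATCH 2/2, the row label `**Calendar**` added at @@ -58,6 +58,7 does not say which calendar is meant, while the Email rows above it are qualified (`(nodejs-sec)`, `(io.js aliases)`). Suggest naming the specific calendar in the label so the read grants in the row can be checked against a concrete resource, and so the `-` / `N\A` entries added to the three threat tables have a clear subject. The row also carries a four-flag `rrrr` cell in the fifth column where the Email rows have three flags; align it with that column's format or explain the extra flag.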