update current status and contact details

py-pdf · Jan 28, 2025 · 045dcb6 · 045dcb6
1 parent bf63435
commit 045dcb6
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 13 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -6,8 +6,11 @@ Security fixes are applied to the latest version.
 
 ## Reporting a Vulnerability
 
-If you find a potential security issue, please report it to TODO
-(the current maintainer).
+If you find a potential security issue, please report it using the
+[private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) feature of GitHub to
+automatically inform all relevant team members. Otherwise, please
+get in touch with stefan6419846 through e-mail (current maintainer,
+address in GitHub profile).
 
 We will try to find a fix in a timely manner and will then issue a security
 advisory together with the update via GitHub

diff --git a/docs/dev/releasing.md b/docs/dev/releasing.md
@@ -60,3 +60,6 @@ The release contains the following steps:
 
 There is no need to wait for anything. If the CI is green (all tests succeeded),
 we can release.
+
+At the moment, there is no fixed release cycle - except that we usually release
+on Sunday.
diff --git a/docs/meta/project-governance.md b/docs/meta/project-governance.md
@@ -134,7 +134,8 @@ maintainers do their best to fix that in a timely manner - please
 ## People
 
 * [stefan6419846](https://github.com/stefan6419846) is the benevolent dictator since January 2025
-* [Martin Thoma](https://github.com/MartinThoma) was the benevolent dictator from April 2022 to January 2025
+* [Martin Thoma](https://github.com/MartinThoma) was the benevolent dictator from April 2022 to January 2025.
+  He still has most of the permissions as a fallback.
 * Maintainers:
     * Matthew Stamy (mstamy2) was the benevolent dictator for a long time.
       He still is around on GitHub once in a while and has permissions on PyPI and GitHub.

diff --git a/docs/meta/taking-ownership.md b/docs/meta/taking-ownership.md
@@ -1,16 +1,13 @@
 # Taking Ownership of pypdf
 
-pypdf is currently maintained by me, Martin Thoma. I want to avoid that
+pypdf is currently maintained by stefan6419846. We want to avoid that
 pypdf ever goes unmaintained again. This document serves as a guide to avoid
 that if I become unavailable, e.g. due to severe health issues.
 
 This currently is just an abstract scenario. I'm fine and I will likely do this
 for several more years, but I have seen how projects stand still for many years
 because of the maintainer becoming inactive.
 
-I've also followed the [GitHub Deceased User Policy](https://docs.github.com/en/site-policy/other-site-policies/github-deceased-user-policy)
-and added a [pre-designated successor](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/maintaining-ownership-continuity-of-your-personal-accounts-repositories).
-
 ## What belongs to pypdf?
 
 The resources needed for maintaining pypdf are:
@@ -21,20 +18,19 @@ The resources needed for maintaining pypdf are:
 
 ## When may somebody take ownership?
 
-**No activity in 180 days**: If I don't answer e-mails (TODO)
+**No activity in 180 days**: If I don't answer e-mails (see my GitHub profile)
 and don't make any commits / merges for half a year, you can consider pypdf "not
 maintained".
 
 ## Who may take ownership?
 
-Preferably, one of the owners of the Github `py-pdf` organization takes care of
+Preferably, one of the owners of the GitHub `py-pdf` organization takes care of
 that.
 
-From my current perspective (Martin Thoma, 27th of August 2023), the following
-people might be candidates:
+As of 27th of August 2023, the following people might be candidates:
 
 * [Lucas-C](https://github.com/Lucas-C): He maintains fpdf2 and is a py-pdf owner
-* [pubpub-zz](https://github.com/pubpub-zz): He is the most active contributor
+* [pubpub-zz](https://github.com/pubpub-zz): He is one of the most active contributors
   to pypdf
 * [Matthew Peveler](https://github.com/MasterOdin): Less active, but he is very
   careful about breaking changes and an experienced software developer.
@@ -44,5 +40,5 @@ people might be candidates:
 ## How to take ownership?
 
 * PyPI: Follow [PEP 541 – Package Index Name Retention](https://peps.python.org/pep-0541/)
-* Github: Talk with one of the other py-pdf organization owners
+* GitHub: Talk with one of the other py-pdf organization owners
 * ReadTheDocs: Follow the [Abandoned projects policy](https://docs.readthedocs.io/en/latest/abandoned-projects.html)