Applications
Rationale
The security team was created at the very begin of the Forgejo project and has not been approved by the Forgejo community. This needs to change given how critical it is to the day to day operations. Now that there exists an embryo of decision making, I propose it is done as follows.
- A discussion happens in this issue regarding how the security team is to be appointed
- Forgejo community members apply to be part of the future security team (following the examples set by the existing applications or whatever they think more appropriate).
- The larger Forgejo community is actively asked for feedback when there is at least three applicants (the assignees of this issue are accountable to make that happen)
- When at least three members meet the approval of the community, the existing security team is disolved and hand over the credentials to the newly formed team.
Does that sound like a sensible way to create a legitimate security team?
### Applications
* [fnetx](https://codeberg.org/forgejo/meta/issues/141)
* [gusted](https://codeberg.org/forgejo/meta/issues/142)
* [dachary](https://codeberg.org/forgejo/meta/issues/139)
### Rationale
The security team was created at the very begin of the Forgejo project and has not been approved by the Forgejo community. This needs to change given how critical it is to the day to day operations. Now that there exists an [embryo of decision making](https://codeberg.org/forgejo/meta/src/branch/readme/DECISION-MAKING.md), I propose it is done as follows.
* A **discussion** happens in this issue regarding how the security team is to be appointed
* Forgejo community members **apply** to be part of the future security team (following the examples set by the existing applications or whatever they think more appropriate).
* The larger Forgejo community is **actively asked for feedback** when there is at least three applicants (the assignees of this issue are accountable to make that happen)
* When at least three members meet the approval of the community, the existing security team is disolved and hand over the credentials to the newly formed team.
Does that sound like a sensible way to create a legitimate security team?