Off-boarding task list

[RafaelGSS]

To proceed with #1036 we need to establish a off-boarding task list

I thought in:

• Move to the Emeritus section in README
• Remove from @nodejs/releasers and @nodejs/security-release team
• If the user isn't in the security-external or security-release-stewards group, remove from nodejs-private org
• Remove from nodejs-release-private Slack channel
• Remove from HackerOne group access

Should we also drop all GPG keys from nodejs/release-keys?

[richardlau]

See https://github.com/nodejs/Release/blob/main/GOVERNANCE.md#offboarding-releasers. I turned that into a checklist for Myles' offboarding in #1024 (comment)

Should we also drop all GPG keys from nodejs/release-keys?

I'm not sure about this one, as you may still want to validate the signature of past releases. I don't think we resolved the discussion in nodejs/release-keys#28 (comment).

[aduh95]

Should we also drop all GPG keys from nodejs/release-keys?

I agree that validating past releases should remain possible ideally; the project should have a way to mark those as "expired" though, in case the private key is leaked for example.

[RafaelGSS]

Thanks, I'll create the off-boarding issues