New Maintainer Onboarding (First 30 Days)

A concise playbook for maintainers to run healthy, welcoming communities: clear review flow, lightweight triage, inclusive meetings, growth pathways, and neutral communications.

Week 1 — Foundations

Baseline docs, labels, triage schedule, branch protections & required checks.

  • Ensure GOVERNANCE.md, MAINTAINERS.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md exist and are linked from README
  • Set up labels and a triage schedule
  • Enable branch protections and required CI checks

Week 2 — Security & Releases

SECURITY.md, embargo, signed releases, provenance & SBOM, Scorecard baseline.

  • Add SECURITY.md with private contact and embargo process
  • Configure signed releases, provenance, and SBOM generation
  • Run OpenSSF Scorecard; capture baseline and fix high-impact items

Week 3 — Community Routines

Community call + notes, good-first-issues, review workflow & SLAs.

  • Host/join a community call; publish notes
  • Tag and mentor good first issue items
  • Document PR review workflow and SLAs in CONTRIBUTING.md

Week 4 — Plan & Report

90-day roadmap, project update, verify LFDT required processes.

  • Draft a 90-day lightweight roadmap and post it
  • Publish a short project update (wins, risks, asks)
  • Verify you meet LFDT required processes (updates, annual review, inactivity policy)

  • Governance & roles → GOVERNANCE.md, MAINTAINERS.md
  • Security policy → SECURITY.md
  • Release process → Release checklist (Templates page)
  • Community growth → Community playbook