The project should consider adding PR criteria including process criteria like maintainer diversity and minimum duration for receiving feedback.
The goal should be to set a bar for valuable content that is equitably reviewed.
The higher the quality of the content, the more valuable this project will be to the community.
I can definitely get behind a minimum duration for receiving feedback -- does a week sound reasonable to you? And worst case, feedback can always come in afterwards.
Re: maintainer diversity -- I think this would penalize "single developer" projects -- the goal of this project isn't really to describe project health (something like the OpenSSF Scorecards project would provide that information). Unless I've misunderstood what you mean here.
Sorry, there are a lot of overloaded words here talking about reviews of security reviews. :)
Regarding maintainer diversity, I meant for this security-reviews project, i.e. a PR should require two different security-reviews maintainers approving the PR before it is merged.
And yes, I think 1 week sounds good. Enough time for interested parties to have seen something and not too long to slow down progress.