meta: discuss authenticity of nominees

Author: jasnell

GOVERNANCE.md

@@ -180,14 +180,14 @@ To nominate a new Collaborator:
    block, add a comment in the private discussion stating you're planning on
    opening a public issue, e.g. "I see a number of approvals and no block, I'll
    be opening a public nomination issue if I don't hear any objections in the
-   next 72 hours".
+   next 72 hours". _Ideally_ this should only be done after any questions,
+   concerns, objects, etc have been resolved.
 3. **Optional but strongly recommended**: Privately contact the nominee to make
    sure they're comfortable with the nomination.
 4. Open an issue in the [nodejs/node][] repository. Provide a summary of
    the nominee's contributions (see below for an example). Mention
    @nodejs/collaborators in the issue to notify other collaborators about
-   the nomination. _Ideally_, this issue should not be opened until any private
-   discussion (questions, concerns, objections, etc) has been resolved.
+   the nomination.
 
 The _Optional but strongly recommended_ steps are optional in the sense that
 skipping them would not invalidate the nomination, but it could put the nominee
@@ -214,12 +214,12 @@ Example of list of contributions:
   organization
 * Other participation in the wider Node.js community
 
-The nomination passes if no collaborators _explicitly_ oppose it after one week.
-In the case of an objection, the TSC is responsible for working with the
-individuals involved and finding a resolution. The TSC may, following
-typical TSC consensus seeking processes, choose to advance a nomination that
-has otherwise failed to reach a natural consensus or clear path forward even
-if there are outstanding objections.
+The nomination passes if no collaborators oppose it (as described in the
+following section) after one week. In the case of an objection, the TSC is
+responsible for working with the individuals involved and finding a resolution.
+The TSC may, following typical TSC consensus seeking processes, choose to
+advance a nomination that has otherwise failed to reach a natural consensus or
+clear path forward even if there are outstanding objections.
 
 Explicit opposition would typically be signaled as some form of clear
 and unambiguous comment like, "I don't believe this nomination should pass".
@@ -235,11 +235,6 @@ discussion and review around the proposal should ideally be more geared
 towards "I have reasons to say no..." as opposed to "Give me reasons to say
 yes...".
 
-Refrain from discussing or debating aspects of the nomination process
-itself directly within a nomination private discussion or public issue.
-Such discussions can derail and frustrate the nomination and cause unnecessary
-friction. Move such discussions to a separate issue or discussion thread.
-
 #### How to review a collaborator nomination
 
 A collaborator nomination can be reviewed in the same way one would review a PR
@@ -263,6 +258,25 @@ push commits, etc.), so what's the minimal amount is subjective, and there will
 be cases where collaborators disagree on whether a nomination should move
 forward.
 
+Refrain from discussing or debating aspects of the nomination process
+itself directly within a nomination private discussion or public issue.
+Such discussions can derail and frustrate the nomination and cause unnecessary
+friction. Move such discussions to a separate issue or discussion thread.
+
+#### The Authenticity of Contributors
+
+The Node.js project does not require that contributors use their legal names or
+provide any personal information verifying their identity.
+
+It is not uncommon for malicious actors to attempt to gain commit access to
+open-source projects in order to inject malicious code or for other nefarious
+purposes. The Node.js project has a number of mechanisms in place to prevent
+this, but it is important to be vigilant. If you have concerns about the
+authenticity of a contributor, please raise them with the TSC. Anyone nominating
+a new collaborator should take reasonable steps to verify that the contributions
+of the nominee are authentic and made in good faith. This is not always easy,
+but it is important.
+
 ### Onboarding
 
 After the nomination passes, a TSC member onboards the new collaborator. See