[Owasp-leaders] Access management on GitHub

johanna curiel curiel johanna.curiel at owasp.org
Tue Jan 3 09:55:44 UTC 2017

+Bjoern, I agree on this.
If our technical staff also agrees, I think this clean up is surely

@Matt: If you also agree or have another suggestions from the technical
point of view, please let us know so Bjorn can continue with the proposed

On Wed, Dec 28, 2016 at 3:35 PM, Bjoern Kimminich <
bjoern.kimminich at owasp.org> wrote:

> Hash: SHA512
> Hi all,
> I noticed that the access rights on our GitHub organization are a mess at
> the moment. Most repositories have a "team" defined representing the
> project team - which is good, especially if a project has multiple repos,
> where manually adding individuals to each stops being fun.
> The bad news: Most of these "teams" have been deleted at some point in
> time. GitHub unfortunately does not remove those from assigned repos
> automatically. So we now have a several zombie teams on GitHub that show a
> 404 when trying to view them.
> Then there is this "Owner" team where ~17 people are in, and an "Admin"
> team where only I am in, for unknown reason. Neither team membership gives
> full access to the org settings, so no idea what they are good for.
> Is there a secret concept behind this? If not, I vote for tabula rasa:
> 1. Delete all teams
> 2. Remove all (zombie) teams from all repos
> 3. Create a dedicated team per OWASP project that has repos in the org and
> assign their members
> 4. Assign teams to their repos as "Writer" or "Admin" (depending how
> project prefers)
> 5. Give at least project leader individual "Admin" prefs on repos of
> his/her projects
> (6. Create one admin team and assign it as "Admin" to all repos)
> Better ideas? I suggest doing this *after* clearing the trash/empty
> repositories to avoid useless effort.
> Cheers,
> Bjoern
> iQFfBAEBCgBJQhxCasO2cm4gS2ltbWluaWNoIChQcml2YXRlIEVtYWlsYWRyZXNz
> ZSkgPGJqb2Vybi5raW1taW5pY2hAZ214LmRlPgUCWGPNngAKCRAGKoWoy/vc2qtI
> B/9qLzlJN8WtFlSvfHZVKBAfo+uFAKAz53WNqnRvmJvn/zEhPgbsT7hMgfbwnoLV
> UcM01uvOBsVZRZIsyBP1fpcy+1mtPsD6FnYhGZBhglQm2UTuHK3iyrLCEnYX/Glc
> i8wVeIUIAcQUac+Jwj4MAuvh64naNKHqQyg9z3pPM1cMEpAmtWFyytUT9eUrVlnn
> 3ydSDAoJxnVJx1CIK6kP0beFxm3QyAaGvwlu9pWr19SlWG9btW7soM/Z8flkY+ji
> DCm6qOptWAgnW8PzsjmO/TRv
> =P6AH
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170103/9063dfe4/attachment.html>

More information about the OWASP-Leaders mailing list