[Owasp-leaders] Access management on GitHub

Bev Corwin bev.corwin at owasp.org
Tue Jan 3 14:51:54 UTC 2017


+1 Yes, please set up a committee meeting to discuss this and how to best
set up. Best wishes.

Bev


On Tue, Jan 3, 2017 at 4:55 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> +Bjoern, I agree on this.
> If our technical staff also agrees, I think this cleanup is surely
> necessary.
>
> @Matt: If you also agree or have other suggestions from the technical
> point of view, please let us know so Bjoern can continue with the proposed
> changes.
>
> On Wed, Dec 28, 2016 at 3:35 PM, Bjoern Kimminich <
> bjoern.kimminich at owasp.org> wrote:
>
>> Hi all,
>>
>> I noticed that the access rights on our GitHub organization are a mess at
>> the moment. Most repositories have a "team" defined representing the
>> project team - which is good, especially if a project has multiple repos,
>> where manually adding individuals to each stops being fun.
>>
>> The bad news: Most of these "teams" have been deleted at some point in
>> time. GitHub unfortunately does not remove those from assigned repos
>> automatically. So we now have several zombie teams on GitHub that show a
>> 404 when trying to view them.
>>
>> Then there is this "Owner" team where ~17 people are in, and an "Admin"
>> team where only I am in, for an unknown reason. Neither team membership gives
>> full access to the org settings, so no idea what they are good for.
>>
>> Is there a secret concept behind this? If not, I vote for tabula rasa:
>>
>> 1. Delete all teams
>> 2. Remove all (zombie) teams from all repos
>> 3. Create a dedicated team per OWASP project that has repos in the org
>> and assign their members
>> 4. Assign teams to their repos as "Writer" or "Admin" (depending on how
>> the project prefers)
>> 5. Give at least the project leader individual "Admin" prefs on repos of
>> his/her projects
>> (6. Create one admin team and assign it as "Admin" to all repos)
>>
>> Better ideas? I suggest doing this *after* clearing the trash/empty
>> repositories to avoid useless effort.
>>
>> Cheers,
>> Bjoern
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
>
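
The checks behind steps 2 to 5 of the quoted proposal, as an added example that is not part of the original thread or any OWASP tooling. The inventory layout, the team, repo and user names, and the "write"/"admin" labels are all assumptions constructed for illustration.

```python
# Added example: audit of a constructed org inventory; every name is hypothetical.
from collections import defaultdict

ALLOWED = {"write", "admin"}  # stand-ins for the thread's "Writer" / "Admin"

def audit(live_teams, repo_teams, repo_user_admins, projects):
    """Return findings for steps 2-5 of the proposal, keyed by finding type."""
    findings = defaultdict(list)
    # Step 2: a repo still lists a team that no longer exists (zombie team).
    for repo, teams in sorted(repo_teams.items()):
        for slug in sorted(teams):
            if slug not in live_teams:
                findings["zombie_assignment"].append((repo, slug))
    for name, proj in sorted(projects.items()):
        team, leader = proj["team"], proj["leader"]
        # Step 3: every project needs a dedicated team that actually exists.
        if team not in live_teams:
            findings["missing_project_team"].append((name, team))
        for repo in proj["repos"]:
            # Step 4: that team holds write or admin on each project repo.
            if repo_teams.get(repo, {}).get(team) not in ALLOWED:
                findings["team_not_assigned"].append((repo, team))
            # Step 5: the project leader holds individual admin on each repo.
            if leader not in repo_user_admins.get(repo, set()):
                findings["leader_not_admin"].append((repo, leader))
    return dict(findings)

# Constructed sample inventory (not real OWASP data).
LIVE_TEAMS = {"example-app-team", "owners"}
REPO_TEAMS = {  # repo -> {team slug: permission}
    "example-app": {"example-app-team": "admin", "old-core": "write"},
    "example-app-docs": {"old-core": "write"},
    "example-scanner": {"example-scanner-team": "read"},
}
REPO_USER_ADMINS = {"example-app": {"alice"}}  # repo -> individual admins
PROJECTS = {
    "Example App": {"leader": "alice", "team": "example-app-team",
                    "repos": ["example-app", "example-app-docs"]},
    "Example Scanner": {"leader": "bob", "team": "example-scanner-team",
                        "repos": ["example-scanner"]},
}

if __name__ == "__main__":
    report = audit(LIVE_TEAMS, REPO_TEAMS, REPO_USER_ADMINS, PROJECTS)
    for kind, items in report.items():
        for item in items:
            print(f"{kind}: {item[0]} -> {item[1]}")
```

Running the audit before and after the cleanup gives a diff of what actually changed; an empty result means steps 2 to 5 hold for every listed project.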