[Owasp-leaders] Access management on GitHub
bev.corwin at owasp.org
Tue Jan 3 14:51:54 UTC 2017
+1 Yes, please set up a committee meeting to discuss this and how to best
set up. Best wishes.
On Tue, Jan 3, 2017 at 4:55 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:
> +Bjoern, I agree on this.
> If our technical staff also agrees, I think this clean up is surely
> @Matt: If you also agree or have other suggestions from the technical
> point of view, please let us know so Bjorn can continue with the proposed
> On Wed, Dec 28, 2016 at 3:35 PM, Bjoern Kimminich <
> bjoern.kimminich at owasp.org> wrote:
>> Hi all,
>> I noticed that the access rights on our GitHub organization are a mess at
>> the moment. Most repositories have a "team" defined representing the
>> project team - which is good, especially if a project has multiple repos,
>> where manually adding individuals to each stops being fun.
>> The bad news: Most of these "teams" have been deleted at some point in
>> time. GitHub unfortunately does not remove those from assigned repos
>> automatically. So we now have several zombie teams on GitHub that show a
>> 404 when trying to view them.
>> Then there is this "Owner" team where ~17 people are in, and an "Admin"
>> team where only I am in, for an unknown reason. Neither team membership gives
>> full access to the org settings, so no idea what they are good for.
>> Is there a secret concept behind this? If not, I vote for tabula rasa:
>> 1. Delete all teams
>> 2. Remove all (zombie) teams from all repos
>> 3. Create a dedicated team per OWASP project that has repos in the org
>> and assign their members
>> 4. Assign teams to their repos as "Writer" or "Admin" (depending on how
>> the project prefers)
>> 5. Give at least the project leader individual "Admin" prefs on repos of
>> his/her projects
>> (6. Create one admin team and assign it as "Admin" to all repos)
>> Better ideas? I suggest doing this *after* clearing the trash/empty
>> repositories to avoid useless effort.
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> Johanna Curiel
> OWASP Volunteer