[Owasp-leaders] Access management on GitHub

Claudia Casanovas claudia.aviles-casanovas at owasp.org
Tue Jan 10 01:21:17 UTC 2017


I can give you owner rights for your project.  What is the user name and I change your access

Sent from my iPhone

> On Jan 9, 2017, at 7:18 PM, Chetan Karande <chetan.karande at owasp.org> wrote:
> 
> +1. Thanks  Bjoern for bringing this up.
> 
> Without proper access rights, there is no way for project leaders to assign issues to contributors who are not already part of OWASP github account. It would be really helpful for project leaders to have rights to create a project team and add members to it.
> 
> Chetan Karande
> OWASP NodeGoat project
> 
> 
>> On Jan 3, 2017 9:52 AM, "Bev Corwin" <bev.corwin at owasp.org> wrote:
>> +1 Yes, please set up a committee meeting to discuss this and how to best set up. Best wishes.
>> 
>> Bev
>> 
>> 
>>> On Tue, Jan 3, 2017 at 4:55 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>> +Bjoern, I agree on this.
>>> If our technical staff also agrees, I think this clean up is surely necessary
>>> 
>>> @Matt: If you also agree or have another suggestions from the technical point of view, please let us know so Bjorn can continue with the proposed changes
>>> 
>>>> On Wed, Dec 28, 2016 at 3:35 PM, Bjoern Kimminich <bjoern.kimminich at owasp.org> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA512
>>>> 
>>>> Hi all,
>>>> 
>>>> I noticed that the access rights on our GitHub organization are a mess at the moment. Most repositories have a "team" defined representing the project team - which is good, especially if a project has multiple repos, where manually adding individuals to each stops being fun.
>>>> 
>>>> The bad news: Most of these "teams" have been deleted at some point in time. GitHub unfortunately does not remove those from assigned repos automatically. So we now have a several zombie teams on GitHub that show a 404 when trying to view them.
>>>> 
>>>> Then there is this "Owner" team where ~17 people are in, and an "Admin" team where only I am in, for unknown reason. Neither team membership gives full access to the org settings, so no idea what they are good for.
>>>> 
>>>> Is there a secret concept behind this? If not, I vote for tabula rasa:
>>>> 
>>>> 1. Delete all teams
>>>> 2. Remove all (zombie) teams from all repos
>>>> 3. Create a dedicated team per OWASP project that has repos in the org and assign their members
>>>> 4. Assign teams to their repos as "Writer" or "Admin" (depending how project prefers)
>>>> 5. Give at least project leader individual "Admin" prefs on repos of his/her projects
>>>> (6. Create one admin team and assign it as "Admin" to all repos)
>>>> 
>>>> Better ideas? I suggest doing this *after* clearing the trash/empty repositories to avoid useless effort.
>>>> 
>>>> Cheers,
>>>> Bjoern
>>>> -----BEGIN PGP SIGNATURE-----
>>>> 
>>>> iQFfBAEBCgBJQhxCasO2cm4gS2ltbWluaWNoIChQcml2YXRlIEVtYWlsYWRyZXNz
>>>> ZSkgPGJqb2Vybi5raW1taW5pY2hAZ214LmRlPgUCWGPNngAKCRAGKoWoy/vc2qtI
>>>> B/9qLzlJN8WtFlSvfHZVKBAfo+uFAKAz53WNqnRvmJvn/zEhPgbsT7hMgfbwnoLV
>>>> UcM01uvOBsVZRZIsyBP1fpcy+1mtPsD6FnYhGZBhglQm2UTuHK3iyrLCEnYX/Glc
>>>> i8wVeIUIAcQUac+Jwj4MAuvh64naNKHqQyg9z3pPM1cMEpAmtWFyytUT9eUrVlnn
>>>> HElvBxPB8b3oMcj22bpY75WtJDY0uHLs2ylFTNTISSKYVad2NBMLZPGnIZ5AONkq
>>>> 3ydSDAoJxnVJx1CIK6kP0beFxm3QyAaGvwlu9pWr19SlWG9btW7soM/Z8flkY+ji
>>>> DCm6qOptWAgnW8PzsjmO/TRv
>>>> =P6AH
>>>> -----END PGP SIGNATURE-----
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> -- 
>>> Johanna Curiel 
>>> OWASP Volunteer
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170109/73ef46b1/attachment.html>


More information about the OWASP-Leaders mailing list