On 11/07/2024 18:38, Jim Winstead wrote:
> On Thu, Jul 11, 2024, at 6:54 AM, Derick Rethans wrote:
>> On Wed, 10 Jul 2024, Roman Pronskiy wrote:
>>
>>> 3. Deployment Process
>>> Recently, there was an incident with a code block pushed to the
>>> website accidentally: https://github.com/php/web-php/pull/1021. It was
>>> promptly reverted, but the case highlighted a potential security risk:
>>
>> It wasn't an *accident* that I pushed it. Only people with commit access
>> to php-web can push things, and that isn't a large list of people.
>>
>> It is the RMs: https://github.com/orgs/php/teams/release-managers
>> and web-team: https://github.com/orgs/php/teams/web-team
>>
>> Each has 13 members, but there are some overlaps.
>
> These aren't public. The only public info appears to be the members of the
> PHP organization on GitHub, and I think something needs to be done to make
> the teams and roles (owner, moderator, etc) public information. This could
> probably be scripted and automated because it looks like it's not just a
> matter of flipping a switch somewhere on the GitHub side.
>
> Jim

Note that even the members aren't public information. GitHub allows you, as a user, to hide to which organizations you belong.