Hi, i want raise this question for discussion. I think this is partially a project security issue.
Any new/not experienced/unrelated to XX plugin new-comer receives access to 1k repos and this looks for me very bad because: 1) you can accidentally push and kill somebodies work 2) *On other side as plugin maintainer/developer you have no any guarantee that somebody will push to your repo*. 3) Bad from security viewpoint Current infra has ability for adding persons to repositories, but this step is constantly ignored by people that granting permissions (and i think irc bot had some related bugs). When you assigned to repository you can also: 1) change repository settings: configure labels/issues/wiki 2) See and highlight real plugin developers by https://help.github.com/articles/writing-on-github/#name-and-team-mentions-autocomplete 3) Maintainer can grant permissions to the next maintainer (add to plugin team) I see no any problems with having "read" for everyone (for tracking how many people are involved), "write" for teams and assign people to repositories/teams. (For all plugins where i was involved i firstly added myself to team to indicate that i do commits). What other people think? If this bad idea please provide other possible variants for highlighted text. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/36f8761d-f3ff-4182-8000-cab492bbdd23%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
