+1

On Thu, Mar 25, 2021 at 10:55 AM Olblak <[email protected]> wrote:

> Hi Everybody,
>
> I am currently collecting feedback about the best way to manage user
> access to the Jenkins-infra GitHub organization and more specifically for
> people who don't contribute anymore (whatever the reason).
>
> I recently reviewed user permissions on the GitHub Jenkins infrastructure
> organization and we have 53 people with different kinds of permission. A
> lot of them stepped back or just don't actively contribute anymore.
> This brings unneeded risk to the GitHub organization as they have change
> permissions even though a lot of them don't need those permissions anymore.
> Differently said, it doesn't make sense to take the risk that a compromised
> account introduces changes in our git repositories if that account doesn't
> need privileged access anymore.
>
> So I am proposing to create a new "team" named alumni which would have
> read-only permissions on every public repository.
> This would bring the following benefits:
>
> 1. We would still be able to assign individual alumni group members PRs
>    or Issues as knowledge experts.
> 2. Alumni team members will have the "jenkins-infra" badge on their
>    GitHub user profile as a way to highlight their past contribution.
> 3. If for some reason a malicious user gets access to one of the alumni
>    accounts, that attacker won't be able to merge PRs, which reduces the
>    risk on the GitHub organization.
> 4. Of course, once a contributor gets more active, we can still remove
>    him from the alumni group and grant him more permissions.
>
> Any thoughts?
> Without any feedback, I'll wait one week, starting from this email, before
> implementing my plan.
>
> Cheers,
>
> Olivier
>
> --
> Olblak

--
Arnaud Héritier
Twitter/Skype : aheritier
