+1. I suggest we do the same for the jenkinsci organization. We have quite a number of core maintainers who have stepped down. They are still org members, but having a team for these contributors would be helpful.
On Thu, Mar 25, 2021 at 11:15 AM Carlos Tadeu Panato Jr <[email protected]> wrote:

> +1
>
> On Thu, Mar 25, 2021 at 10:55, Olblak <[email protected]> wrote:
>
>> Hi Everybody,
>>
>> I am currently collecting feedback about the best way to manage user
>> access to the Jenkins-infra GitHub organization and more specifically for
>> people who don't contribute anymore (whatever the reason).
>>
>> I recently reviewed user permissions on the GitHub Jenkins infrastructure
>> organization and we have 53 people with different kinds of permissions. A
>> lot of them stepped back or just don't actively contribute anymore.
>> This brings unneeded risk to the GitHub organization as they have change
>> permissions even though a lot of them don't need those permissions anymore.
>> Differently said, it doesn't make sense to take the risk that a compromised
>> account introduces changes in our git repositories if that account doesn't
>> need privileged access anymore.
>>
>> So I am proposing to create a new "team" named alumni which would have
>> read-only permissions on every public repository.
>> This would bring the following benefits:
>>
>> 1. We would still be able to assign individual alumni group members PRs
>>    or issues as knowledge experts.
>> 2. Alumni team members will have the "jenkins-infra" badge on their
>>    GitHub user profile as a way to highlight their past contribution.
>> 3. If for some reason a malicious user gets access to one of the
>>    alumni accounts, that attacker won't be able to merge PRs, which reduces the
>>    risk on the GitHub organization.
>> 4. Of course, once a contributor gets more active, we can still remove
>>    him from the alumni group and grant him more permissions.
>>
>> Any thoughts?
>> Without any feedback, I'll wait one week, starting from this email,
>> before implementing my plan.
>>
>> Cheers,
>>
>> Olivier
>>
>> --
>> Olblak
