I went ahead and created a team in the jenkinsci org: https://github.com/orgs/jenkinsci/teams/alumni

I will move some of the known inactive contributors there.

On Sunday, March 28, 2021 at 3:13:43 PM UTC+2 [email protected] wrote:

> +1 from me
>
> On Fri, Mar 26, 2021 at 9:11 AM Rick <[email protected]> wrote:
>
>> +1 from me
>>
>> On 03/26/2021 00:16, Mark Waite <[email protected]> wrote:
>>
>> +1 from me.
>>
>> On Thursday, March 25, 2021 at 3:55:16 AM UTC-6 Olblak wrote:
>>
>>> Hi Everybody,
>>>
>>> I am currently collecting feedback about the best way to manage user
>>> access to the Jenkins-infra GitHub organization and more specifically for
>>> people who don't contribute anymore (whatever the reason).
>>>
>>> I recently reviewed user permissions on the GitHub Jenkins infrastructure
>>> organization and we have 53 people with different kinds of permission. A
>>> lot of them stepped back or just don't actively contribute anymore.
>>> This brings unneeded risk to the GitHub organization as they have change
>>> permissions even though a lot of them don't need those permissions anymore.
>>> Differently said, it doesn't make sense to take the risk that a compromised
>>> account introduces changes in our git repositories if that account doesn't
>>> need privileged access anymore.
>>>
>>> So I am proposing to create a new "team" named alumni which would have
>>> read-only permissions on every public repository.
>>> This would bring the following benefits:
>>>
>>> 1. We would still be able to assign PRs or issues to individual alumni
>>>    group members as knowledge experts.
>>> 2. Alumni team members will have the "jenkins-infra" badge on their
>>>    GitHub user profile as a way to highlight their past contribution.
>>> 3. If for some reason a malicious user gets access to one of the
>>>    alumni accounts, that attacker won't be able to merge PRs, which
>>>    reduces the risk on the GitHub organization.
>>> 4. Of course, once a contributor gets more active, we can still
>>>    remove him from the alumni group and grant him more permissions.
>>>
>>> Any thoughts?
>>> Without any feedback, I'll wait one week, starting from this email,
>>> before implementing my plan.
>>>
>>> Cheers,
>>>
>>> Olivier
>>>
>>> --
>>> Olblak
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/7719a88f-ee56-465a-a44e-67867c473cb2n%40googlegroups.com
>
> --
> Shi Yanjun(yJunS)
> Blog: https://github.com/yJunS
