Makes sense to me, thanks for doing this. On Thu, 13 Nov 2025 at 16:39, '[email protected]' via Jenkins Developers <[email protected]> wrote:
> Hello everyone, > > Like I did (with Damien) about three years ago [1], I would like to remove > some permissions / clean up the Core [2] and Release [3] teams we have in > the jenkinsci organization in GitHub. > > I heard your feedback (thanks, Tim) suggesting that I open a discussion > here instead of doing it directly. The only problem I have with that is > that I don't want to make anyone feel blamed by putting their name on a > list. > > Why do this? > => Reducing risks and cleaning up. There are frequent phishing attacks and > credentials leaks that could cause a supply chain attack against the > project. > > Why Core/Release? > => They both grant write permissions to jenkinsci/jenkins (Jenkins core). > > Who's affected? > => Individuals with no activity (reviews, commits, or merges) on the > related repositories for the last 12 months. Currently, two people in Core > and five in Release (including some who will remain part of Core). If > you're worried about your permissions, that's already a good indicator that > you're still active and unlikely to be on the list. But if you want to be > sure, feel free to send me an email. > > Can I rejoin? > => Yes, you're more than welcome to. Damien will securely store the > screenshots of the team compositions (encrypted) so the board members or > officers can quickly restore access if someone wants to contribute again. > > *My approach:* > - Open this thread, seeking opinions/suggestions > - Send email, WhatsApp, LinkedIn, or other messages to the individuals > concerned (within one hour) > - If there's no response (or an acceptance) within about one week (by Wed, > Nov 19), I'll remove their accounts from the Core or Release teams. > > Best regards, > > Wadeck Follonier, Security officer > > [1] https://groups.google.com/g/jenkinsci-dev/c/8cy8w7ZqyB8/m/eZfaenQzEAAJ > [2] https://github.com/orgs/jenkinsci/teams/core > [3] https://github.com/orgs/jenkinsci/teams/release > > CONFIDENTIALITY NOTICE: This email and any attachments contain > confidential and proprietary information of CloudBees intended only for the > named recipient(s). Unauthorized use or distribution is prohibited. If you > received this in error, please notify the sender and delete this email. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/d/msgid/jenkinsci-dev/3e322521-29a7-46d4-9901-1575c9ce1af2n%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/3e322521-29a7-46d4-9901-1575c9ce1af2n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Bifx%2BtFw3XUCye7t7J60gWu9EwUfV_-BymeVPxAi8i%3DYDQ%40mail.gmail.com.
