Re: ASFIncubator now managed via TweetDeck
I think that David's plan is considerably better. The key is the access to the over-ride keys. On Mon, Mar 30, 2015 at 8:08 PM, David Nalley da...@gnsa.us wrote: The above makes a really nice, security-conscious scheme that I would love to champion among various PMCs and suggest that we document it as part of our social media guidelines. The only open question in my mind is who (and by extension what email address) should the master ASFxxx account be associated with. I see two alternatives here: * ASF Infra team collectively owns it * Whoever controls @TheASF owns it Neither IMO. Infra doesn't want it (and we will politely decline if asked to manage your social media creds). And burdening Sally, Jim, Joe, etc with scores of projects credentials isn't going to scale well. If I were to define it, Make the address for the account private@$foo.a.o (CloudStack uses an alias that forwards to private@cs.a.o IIRC) I would say turn on MFA for the account (device held by the chair or his designee) keep the override codes encrypted to multiple PMC members in the projects private svn tree (and open to add more PMC members at their request). That gives the PMC the ability to override if someone disappears or goes off the tracks. Federating access is easy with Tweetdeck or Hootsuite - securing the account becomes a lot easier as well. --David - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: ASFIncubator now managed via TweetDeck
On 31/03/15 03:08, David Nalley wrote: the master ASFxxx account be associated with. I see two alternatives here: * ASF Infra team collectively owns it * Whoever controls @TheASF owns it Neither IMO. Infra doesn't want it ... And burdening Sally, Jim, Joe, etc with scores of projects credentials isn't going to scale well. My impression was that Roman was implicitly suggesting that there be _one_ account/person somewhere with the Apache Software Foundation structure, that would have ultimate command and control of _all_ Twitter, and other social media accounts. This individual would _not_ be responsible for day-to-day activities, but rather, serve as: * an all points backup; * Single point of contact to find out who to contact regarding a specific Social Media account associated with either the Apache Software Foundation, or an Apache project. My thinking is an email account along the lines of social_media_direc...@apache.org, which either automatically forwards incoming email to the appropriate party, or lets email sit in a queue until a human looks at it. (Procmail recipes could forward/respond appropriately to at least 70% of the inbound emails, before doing any tweaking.) Where needed, a similar account on the specific social media platform could also be created. (For example, on Twitter, it would be ASF_Social_Media_Director.) I don't know where in the ASF hierarchy this position should be, though. Something along the lines of pr...@apache.org, but with the requirement of Marketing, Public Relations, and VP to approve everything that goes out/gets forwarded. jonathon signature.asc Description: OpenPGP digital signature
Re: ASFIncubator now managed via TweetDeck
On Tue, Mar 31, 2015 at 12:05 AM, jonathon toki.kant...@gmail.com wrote: On 31/03/15 03:08, David Nalley wrote: the master ASFxxx account be associated with. I see two alternatives here: * ASF Infra team collectively owns it * Whoever controls @TheASF owns it Neither IMO. Infra doesn't want it ... And burdening Sally, Jim, Joe, etc with scores of projects credentials isn't going to scale well. My impression was that Roman was implicitly suggesting that there be _one_ account/person somewhere with the Apache Software Foundation structure, that would have ultimate command and control of _all_ Twitter, and other social media accounts. This individual would _not_ be responsible for day-to-day activities, but rather, serve as: * an all points backup; * Single point of contact to find out who to contact regarding a specific Social Media account associated with either the Apache Software Foundation, or an Apache project. This is absolutely correct. And while I find David's suggestion an appealing alternative to what I was trying to suggest, I can see pros/cons of both. We do manage certain bits of INFRA in a very centralized way at ASF. The real question is whether @ASFxxx is considered critical enough to warrant that type of commitment. My thinking is an email account along the lines of social_media_direc...@apache.org, which either automatically forwards incoming email to the appropriate party, or lets email sit in a queue until a human looks at it. (Procmail recipes could forward/respond appropriately to at least 70% of the inbound emails, before doing any tweaking.) Where needed, a similar account on the specific social media platform could also be created. (For example, on Twitter, it would be ASF_Social_Media_Director.) I don't know where in the ASF hierarchy this position should be, though. Something along the lines of pr...@apache.org, but with the requirement of Marketing, Public Relations, and VP to approve everything that goes out/gets forwarded. Yup. That's exactly my way of thinking. Would love to hear folks chime in on both. Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: ASFIncubator now managed via TweetDeck
The above makes a really nice, security-conscious scheme that I would love to champion among various PMCs and suggest that we document it as part of our social media guidelines. The only open question in my mind is who (and by extension what email address) should the master ASFxxx account be associated with. I see two alternatives here: * ASF Infra team collectively owns it * Whoever controls @TheASF owns it Neither IMO. Infra doesn't want it (and we will politely decline if asked to manage your social media creds). And burdening Sally, Jim, Joe, etc with scores of projects credentials isn't going to scale well. If I were to define it, Make the address for the account private@$foo.a.o (CloudStack uses an alias that forwards to private@cs.a.o IIRC) I would say turn on MFA for the account (device held by the chair or his designee) keep the override codes encrypted to multiple PMC members in the projects private svn tree (and open to add more PMC members at their request). That gives the PMC the ability to override if someone disappears or goes off the tracks. Federating access is easy with Tweetdeck or Hootsuite - securing the account becomes a lot easier as well. --David - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
ASFIncubator now managed via TweetDeck
Hi! over the weekend I've experimented with managing ASFIncubator via TweetDeck and I really like the results. In fact, I like them so much that I am going to suggest we manage the rest of our official ASFxxx accounts in the following way: 0. The account itself is NOT expected to be used aside from initial setup and a case where all the admins (see bellow) self destruct. 1. As part of the initial setup for the account on TweetDeck we define its first admin and the rest gets boostrapped by that person. 2. Any admin can add two types of accounts under ASFxxx: * collaborators (folks who can tweet) * admins (folks who can tweet AND manage group) Note that all these actions are performed from under the regular user accounts -- there's no need to login into ASFxxx. For example, at this point Ted and I are admins for the ASFIncubator. If you want to be able to Tweet as ASFIncubator please send either one of us your Twitter ID. The above makes a really nice, security-conscious scheme that I would love to champion among various PMCs and suggest that we document it as part of our social media guidelines. The only open question in my mind is who (and by extension what email address) should the master ASFxxx account be associated with. I see two alternatives here: * ASF Infra team collectively owns it * Whoever controls @TheASF owns it Which one do you guys think works best? Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: ASFIncubator now managed via TweetDeck
On Sun, Mar 29, 2015 at 6:28 PM, Roman Shaposhnik ro...@shaposhnik.org wrote: is who (and by extension what email address) should the master ASFxxx account be associated with. I see two alternatives here: * ASF Infra team collectively owns it * Whoever controls @TheASF owns it Which one do you guys think works best? I substantially prefer the second.