On Sun, Jun 14, 2020 at 7:02 AM nch via agora-discussion < agora-discussion@agoranomic.org> wrote: > > On 6/14/20 8:55 AM, Jason Cobb via agora-discussion wrote: > > On 6/14/20 7:04 AM, nch via agora-discussion wrote: > >> A large number of members of the github were owners. Owners can > >> downgrade each other, delete repositories, and even delete the org. > >> Obviously these are all major security issues. > >> > >> I have made the following changes: > >> > >> * All members have read and write access to all repos > >> > >> * All members have been downgraded except me, g, and comex. > >> > >> Now that everyone has read and write access the vast majority of people shouldn't need to be owners. Please let me know if you have a reason you need to be. > >> > > Fine by me, although I am slightly concerned that bus factor for control > > of the Github org has been lowered considerably. > > > > -- > > Jason Cobb > > > That's why I reduced it to the three longest-active players in the org > (unless someone has been around longer than me that I missed?). If for > some reason one becomes uncontactable the other two are very likely > still around.
So, I'm not worried about the bus risk for the reasons you describe, but am I concerned that there's another problem with your selection criteria. You've selected for the longest involvement in Agora, which does increase the chance that one of the owners will be reachable in an emergency. However, most of the people you've selected have relatively low continuous activity levels. omd has been a registered player for the longest time, but only because e's the Distributor and thus has been immune from deregistration. E's actually been inactive, as a player, for a lot of that time. You've also been inactive for a lot of the time since your first registration. I believe you recently registered after a fairly long lapse in registration. G. is fine on this front. E deregisters every now and then for a short while, so e's only the fourth most recently registered player (the third, not counting the Distributor), but e's never gone for more than a month at a time. Also, e usually checks email even when not registered. E definitely isn't available all the time though; sometimes e takes vacations or is otherwise temporarily absent. So, of the three owners you've selected, only one can be relied on to be on list with any consistency. That means that if someone has a problem that requires an owner, there's only one person who can be relied on to be checking the mailing lists. If e's unavailable and the others happen to be inactive (which, again, they are relatively often), we have to either wait or roust someone who isn't currently active. That isn't the end of the world, but is certainly an annoyance for all concerned. And it's really likely to happen, because again, of the three people you picked, only one is reliably on list. Your on-list redundancy is non-existent. The solution is simple: augment your selection criteria with another one, picking someone who's been active for the longest continuous amount of time. This would be the longest continuously registered player, apart from the Distributor (who doesn't need to stay active to stay registered). This just happens to be someone who's never even been zombified and has been around for over three years. I wonder who that is? :) -Aris
