+1. I suggest we do the same for the jenkinsci organization.
We have quite a number of core maintainers who have stepped down. They are
still org members, but having a team for these contributors would be
helpful.

On Thu, Mar 25, 2021 at 11:15 AM Carlos Tadeu Panato Jr <cta...@gmail.com>
wrote:

> +1
>
> On Thu, Mar 25, 2021 at 10:55, Olblak <verni...@gmail.com>
> wrote:
>
>> Hi Everybody,
>>
>> I am currently collecting feedback about the best way to manage user
>> access to the Jenkins-infra GitHub organization and more specifically for
>> people who don't contribute anymore (whatever the reason).
>>
>> I recently reviewed user permissions on the GitHub Jenkins infrastructure
>> organization and we have 53 people with different kinds of permission. A
>> lot of them stepped back or just don't actively contribute anymore.
>> This brings unneeded risk to the GitHub organization as they have change
>> permissions even though a lot of them don't need those permissions anymore.
>> Differently said, it doesn't make sense to take the risk that a compromised
>> account introduces changes in our git repositories if that account doesn't
>> need privileged access anymore.
>>
>> So I am proposing to create a new "team" named alumni which would have
>> read-only permissions on every public repository.
>> This would bring the following benefits:
>>
>>    1. We would still be able to assign individual alumni group members PRs
>>    or issues as knowledge experts.
>>    2. Alumni team members will have the "jenkins-infra" badge on their
>>    GitHub user profile as a way to highlight their past contribution.
>>    3. If for some reason a malicious user gets access to one of the
>>    alumni accounts, that attacker won't be able to merge PRs, which reduces the
>>    risk on the GitHub organization.
>>    4. Of course, once a contributor gets more active, we can still remove
>>    him from the alumni group and grant him more permissions.
>>
>> Any thoughts?
>> Without any feedback, I'll wait one week, starting from this email,
>> before implementing my plan.
>>
>> Cheers,
>>
>> Olivier
>>
>> --
>>   Olblak
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Infrastructure" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkins-infra+unsubscr...@googlegroups.com.
>> To view this discussion on the web, visit
>> https://groups.google.com/d/msgid/jenkins-infra/946e9c82-73ce-4365-bd14-0cc17d2c4d69%40www.fastmail.com
>> <https://groups.google.com/d/msgid/jenkins-infra/946e9c82-73ce-4365-bd14-0cc17d2c4d69%40www.fastmail.com?utm_medium=email&utm_source=footer>
>> .
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLCFk3F2SjOug9QgdCuL9hOugEO8Q4173ATfJ47Uvg%3D2Vw%40mail.gmail.com.
