Thanks for the support :-) I got positive response from a majority of folks accepting to be removed to reduce the risk.
So, as described in the plan, action taken => "This may take up to 24 hours to occur.". Best regards, Wadeck On Thursday, November 13, 2025 at 8:13:14 PM UTC+1 [email protected] wrote: > Thanks for that, sounds good to me. > > On Thursday, 13 November 2025 at 18:20:12 UTC+1 [email protected] wrote: > >> Makes sense to me, thanks for doing this. >> >> On Thu, 13 Nov 2025 at 16:39, '[email protected]' via Jenkins >> Developers <[email protected]> wrote: >> >>> Hello everyone, >>> >>> Like I did (with Damien) about three years ago [1], I would like to >>> remove some permissions / clean up the Core [2] and Release [3] teams we >>> have in the jenkinsci organization in GitHub. >>> >>> I heard your feedback (thanks, Tim) suggesting that I open a discussion >>> here instead of doing it directly. The only problem I have with that is >>> that I don't want to make anyone feel blamed by putting their name on a >>> list. >>> >>> Why do this? >>> => Reducing risks and cleaning up. There are frequent phishing attacks >>> and credentials leaks that could cause a supply chain attack against the >>> project. >>> >>> Why Core/Release? >>> => They both grant write permissions to jenkinsci/jenkins (Jenkins >>> core). >>> >>> Who's affected? >>> => Individuals with no activity (reviews, commits, or merges) on the >>> related repositories for the last 12 months. Currently, two people in Core >>> and five in Release (including some who will remain part of Core). If >>> you're worried about your permissions, that's already a good indicator that >>> you're still active and unlikely to be on the list. But if you want to be >>> sure, feel free to send me an email. >>> >>> Can I rejoin? >>> => Yes, you're more than welcome to. Damien will securely store the >>> screenshots of the team compositions (encrypted) so the board members or >>> officers can quickly restore access if someone wants to contribute again. >>> >>> *My approach:* >>> - Open this thread, seeking opinions/suggestions >>> - Send email, WhatsApp, LinkedIn, or other messages to the individuals >>> concerned (within one hour) >>> - If there's no response (or an acceptance) within about one week (by >>> Wed, Nov 19), I'll remove their accounts from the Core or Release teams. >>> >>> Best regards, >>> >>> Wadeck Follonier, Security officer >>> >>> [1] >>> https://groups.google.com/g/jenkinsci-dev/c/8cy8w7ZqyB8/m/eZfaenQzEAAJ >>> [2] https://github.com/orgs/jenkinsci/teams/core >>> [3] https://github.com/orgs/jenkinsci/teams/release >>> >>> CONFIDENTIALITY NOTICE: This email and any attachments contain >>> confidential and proprietary information of CloudBees intended only for the >>> named recipient(s). Unauthorized use or distribution is prohibited. If you >>> received this in error, please notify the sender and delete this email. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/3e322521-29a7-46d4-9901-1575c9ce1af2n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/jenkinsci-dev/3e322521-29a7-46d4-9901-1575c9ce1af2n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- CONFIDENTIALITY NOTICE:_ This email and any attachments contain confidential and proprietary information of CloudBees intended only for the named recipient(s). Unauthorized use or distribution is prohibited. If you received this in error, please notify the sender and delete this email._ -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/f7f5358d-d4d1-4069-964b-326f61387bban%40googlegroups.com.
