Re: [Github] jenkins-infra alumni team

2021-03-30 Thread 'Olblak' via Jenkins Developers
Hi Everybody, 
I made a few changes to the Jenkins-infra GitHub organization.

**jenkins-infra/alumni**
I created the alumni team here, feel free to reach out if I put the wrong
person there and I'll revert it or if I am missing someone.

**Repository permission**
Several teams had "admin" permission and I switched that to "maintain".

I started reviewing team repository permission and while I made a few changes,
I still have pending work but feel free to suggest teams that should or should
not have a specific repository access.

Cheers



Re: [Github] jenkins-infra alumni team

2021-03-29 Thread 'Olblak' via Jenkins Developers
Thanks everybody for your feedback, I'll create that team and start moving 
people there


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/a7fa95f1-217e-464c-bd27-c4e93860f428%40www.fastmail.com.


Re: [Github] jenkins-infra alumni team

2021-03-29 Thread Oleg Nenashev
I went ahead and created a team in the jenkinsci org 
https://github.com/orgs/jenkinsci/teams/alumni 
I will move some of the known inactive contributors there.



Re: [Github] jenkins-infra alumni team

2021-03-28 Thread YanJun Shi
+1 from me



-- 
Shi Yanjun(yJunS)
Blog:https://github.com/yJunS



Re: [Github] jenkins-infra alumni team

2021-03-25 Thread Rick
+1 from me


Re: [Github] jenkins-infra alumni team

2021-03-25 Thread Mark Waite
+1 from me.



Re: [jenkins-infra] [Github] jenkins-infra alumni team

2021-03-25 Thread Oleg Nenashev
+1. I suggest we do the same for the jenkinsci organization.
We have quite a number of core maintainers who have stepped down. They are
still the org members, but having a team for these contributors would be
helpful.

On Thu, Mar 25, 2021 at 11:15 AM Carlos Tadeu Panato Jr wrote:

> +1


Re: [Github] jenkins-infra alumni team

2021-03-25 Thread Arnaud Héritier
+1



-- 
Arnaud Héritier
Twitter/Skype : aheritier



[Github] jenkins-infra alumni team

2021-03-25 Thread Olblak
Hi Everybody,

I am currently collecting feedback about the best way to manage user access to 
the Jenkins-infra GitHub organization and more specifically for people who 
don't contribute anymore (whatever the reason).

I recently reviewed user permissions on the GitHub Jenkins infrastructure
organization and we have 53 people with different kinds of permission. A lot of
them stepped back or just don't actively contribute anymore.
This brings unneeded risk to the GitHub organization as they have change
permissions even though a lot of them don't need those permissions anymore.
Differently said, it doesn't make sense to take the risk that a compromised
account introduces changes in our git repositories if that account doesn't need
privileged access anymore.

So I am proposing to create a new "team" named alumni which would have
read-only permissions on every public repository.
This would bring the following benefits:

 1. We would still be able to assign individual alumni group members PRs or
    Issues as knowledge experts.
 2. Alumni team members will have the "jenkins-infra" badge on their GitHub
    user profile as a way to highlight their past contribution.
 3. If for some reason a malicious user gets access to one of the alumni
    accounts, that attacker won't be able to merge PRs, which reduces the risk
    on the GitHub organization.
 4. Of course, once a contributor gets more active, we can still remove him
    from the alumni group and grant him more permission.

Any thoughts?
Without any feedback, I'll wait one week, starting from this email, before
implementing my plan.

Cheers,

Olivier

-- 
  Olblak


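
The access review proposed in this thread can be scripted. The following is an added example, not code from the Jenkins project: the team names other than alumni, the user names, the dates and the 365-day idle threshold are constructed assumptions, and only the role names (pull, triage, push, maintain, admin) are GitHub's own. It shows that a member's effective permission on a repository is the highest one granted by any of their teams, so moving someone to alumni only reduces access when the old team memberships are removed as well.

```python
from datetime import date

# GitHub repository roles, ordered from least to most privileged.
ROLE_RANK = {"pull": 0, "triage": 1, "push": 2, "maintain": 3, "admin": 4}

# Constructed snapshot of an organization (not real jenkins-infra data).
TEAM_REPO_ROLES = {
    "core": {"infra-config": "admin", "docs": "push"},
    "docs-writers": {"docs": "maintain"},
    "alumni": {"infra-config": "pull", "docs": "pull"},  # read-only team
}
TEAM_MEMBERS = {
    "core": {"alice", "bob"},
    "docs-writers": {"bob", "carol"},
    "alumni": set(),
}
LAST_ACTIVITY = {
    "alice": date(2021, 3, 20),
    "bob": date(2019, 6, 1),
    "carol": date(2020, 11, 2),
}


def effective_roles(user, members, team_roles=TEAM_REPO_ROLES):
    """Highest role per repository; team grants are additive, the max wins."""
    best = {}
    for team, users in members.items():
        if user not in users:
            continue
        for repo, role in team_roles[team].items():
            if repo not in best or ROLE_RANK[role] > ROLE_RANK[best[repo]]:
                best[repo] = role
    return best


def inactive_writers(today, max_idle_days, members=TEAM_MEMBERS):
    """Users idle longer than the threshold who can still change a repository."""
    found = []
    for user, last_seen in sorted(LAST_ACTIVITY.items()):
        idle_days = (today - last_seen).days
        roles = effective_roles(user, members).values()
        can_write = any(ROLE_RANK[r] >= ROLE_RANK["push"] for r in roles)
        if idle_days > max_idle_days and can_write:
            found.append(user)
    return found


def move_to_alumni(user, members, keep_old_teams=False):
    """Return a new membership map with the user placed in the alumni team."""
    updated = {team: set(users) for team, users in members.items()}
    if not keep_old_teams:
        for users in updated.values():
            users.discard(user)
    updated["alumni"].add(user)
    return updated


def admin_grants(team_roles=TEAM_REPO_ROLES):
    """(team, repo) pairs holding "admin", candidates for review."""
    return sorted(
        (team, repo)
        for team, repos in team_roles.items()
        for repo, role in repos.items()
        if role == "admin"
    )


if __name__ == "__main__":
    today = date(2021, 3, 25)
    for user in inactive_writers(today, max_idle_days=365):
        added_only = move_to_alumni(user, TEAM_MEMBERS, keep_old_teams=True)
        moved = move_to_alumni(user, TEAM_MEMBERS)
        print(user, "alumni added, old teams kept:", effective_roles(user, added_only))
        print(user, "moved to alumni only:", effective_roles(user, moved))
    print("admin grants to review:", admin_grants())
```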