[Gluster-devel] Github teams/repo cleanup
mscherer at redhat.com
Fri Jun 29 12:40:32 UTC 2018
So, after the Gentoo hack, I started to look at all our teams on GitHub,
and what access everybody has, etc.
And I have a few issues:
- we have old repositories that are no longer used
- we have teams without a description
- we have people without 2FA who are admins of some team
- GitHub makes this kind of audit really difficult without scripting
(and the API is not stable yet for teams)
So I would propose the following rules, and apply them in 1 or 2 weeks:
- archive all old projects, aka ones that got no commit in 2
years, unless people give a reason for the project to stay unarchived.
Being archived does not remove it, it just hides it by default and sets it
read-only. It can be reverted without trouble.
- remove projects that never started ("vagrant" is one example, there is
only one readme file).
- if you are admin of a team, you have to turn on 2FA on your account.
- if you are admin of the GitHub org, you have to turn on 2FA.
- if a team no longer has a purpose (for example, all repos got
archived or removed), it will be removed.
- add a description in every team, that tells what kind of access does
This would permit to get a bit more clarity and security.
Sysadmin, Community Infrastructure and Platform, OSAS
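
The rules proposed above, expressed as a small audit over an organization inventory. This is an added example, not part of the original message or any Gluster tooling. The input layout is an assumption loosely modelled on GitHub REST API fields (`pushed_at`, `archived`, team `slug` and `description`), last push time stands in for last commit, and all sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=2 * 365)  # "no commit in 2 years"

def audit(repos, teams, org_admins, no_2fa, now):
    """Apply the proposed rules to an inventory; return findings per rule."""
    archived = {r["name"] for r in repos if r["archived"]}
    stale = set()
    for r in repos:
        last_push = datetime.fromisoformat(r["pushed_at"].replace("Z", "+00:00"))
        if not r["archived"] and now - last_push > STALE_AFTER:
            stale.add(r["name"])
    gone = archived | stale  # repos that are, or would become, read-only
    findings = {
        "archive": sorted(stale),
        "org_admin_needs_2fa": sorted(set(org_admins) & set(no_2fa)),
        "team_admin_needs_2fa": [],
        "team_without_description": [],
        "team_without_purpose": [],
    }
    for t in teams:
        for login in sorted(set(t["maintainers"]) & set(no_2fa)):
            findings["team_admin_needs_2fa"].append((t["slug"], login))
        if not (t.get("description") or "").strip():
            findings["team_without_description"].append(t["slug"])
        # A team with no repos, or only archived/stale ones, has no purpose left.
        if set(t["repos"]) <= gone:
            findings["team_without_purpose"].append(t["slug"])
    return findings

# Constructed sample inventory (hypothetical names, not real Gluster data).
NOW = datetime(2018, 6, 29, tzinfo=timezone.utc)
REPOS = [
    {"name": "core", "pushed_at": "2018-06-20T10:00:00Z", "archived": False},
    {"name": "old-tool", "pushed_at": "2015-03-01T08:30:00Z", "archived": False},
    {"name": "legacy", "pushed_at": "2014-01-01T00:00:00Z", "archived": True},
]
TEAMS = [
    {"slug": "core-dev", "description": "Push access to core",
     "maintainers": ["alice", "bob"], "repos": ["core"]},
    {"slug": "tooling", "description": None,
     "maintainers": ["carol"], "repos": ["old-tool", "legacy"]},
]
REPORT = audit(REPOS, TEAMS, org_admins=["alice", "dave"],
               no_2fa=["bob", "dave"], now=NOW)

if __name__ == "__main__":
    for rule, hits in REPORT.items():
        print(rule, hits)
```

Running the audit before applying any rule gives a list that can be posted for objections during the 1 or 2 week notice period.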