[Gluster-infra] Github teams/repo cleanup

Michael Scherer mscherer at redhat.com
Fri Jun 29 12:40:32 UTC 2018


So, after Gentoo hack, I started to look at all our teams on github,
and what access does everybody have, etc, etc

And I have a few issues:
- we have old repositories that are no longer used
- we have team without description
- we have people without 2FA who are admins of some team
- github make this kind of audit really difficult without scripting
(and the API is not stable yet for teams)

So I would propose the following rules, and apply them in 1 or 2 weeks

For projects:

- archives all old projects, aka, ones that got no commit since 2
years, unless people give a reason for the project to stay unarchived.
Being archived do not remove it, it just hide it by default and set it
readonly. It can be reverted without trouble.

See https://help.github.com/articles/archiving-a-github-repository/

- remove project who never started ("vagrant" is one example, there is
only one readme file).

For teams:
- if you are admin of a team, you have to turn on 2FA on your account.
- if you are admin of the github org, you have to turn 2FA.

- if a team no longer have a purpose (for example, all repos got
archived or removed), it will be removed.

- add a description in every team, that tell what kind of access does
it give. 

This would permit to get a bit more clarity and security. 

Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20180629/9d53fe66/attachment.sig>

More information about the Gluster-infra mailing list