[tc] Assuming control of GitHub organizations

Sean McGinnis sean.mcginnis at gmx.com
Sat Jun 29 12:04:00 UTC 2019


On Fri, Jun 28, 2019 at 07:49:10AM -0700, James E. Blair wrote:
> Thierry Carrez <thierry at openstack.org> writes:
>
> > James E. Blair wrote:
> >> Especially if the folks who manage this are also folks who work on these
> >> repos, we're one "git push" away from having egg on our collective face.
> >>
> >> If the folks managing the GitHub presence are also developers, I would
> >> encourage the use of a shared or secondary account.
> >
> > That is a fair point that I had not considered.
> >
> > That said, wouldn't the risk be relatively limited if the "admins"
> > never check out or clone from GitHub itself?
>
> Yes, the biggest risk is if one of the admins is a regular user of
> GitHub.  If they don't have their own GitHub-forks of the OpenStack
> repos, and they only ever clone their local copies from OpenDev (or,
> they are not developers at all), then I think the risk of accidents on a
> personal account is fairly low.
>
> -Jim
>

There are some tools out there that have been created to help mitigate these
kinds of things. One I recently came across is described here:

https://www.jeff.wilcox.name/2015/11/azure-on-github/

I'm not advocating for trying to adapt that tool, but I think it shows that
something can be stood up relatively easily that would provide a separation of
control to prevent accidental admin access modifications while still making it
easy to see and manage a large number of repos.

Seems fairly easy enough to even just create a githubadmin at openstack.org
account and control access via that.

Sean
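The mitigation Jim describes (admins never push to GitHub from the account they develop with) can also be enforced client-side. The following git pre-push hook is an added example written for this thread, not an OpenStack, OpenDev or Azure tool; the hook path, the `ALLOW_GITHUB_PUSH` override variable and the sample URLs are assumptions. It refuses any push whose remote URL points at github.com unless the override is set, so a developer who also holds org admin rights cannot accidentally push to a GitHub mirror while working from their OpenDev clones.

```shell
#!/bin/sh
# Added example: a git pre-push hook that blocks pushes to github.com remotes.
# Install by copying this file to .git/hooks/pre-push and marking it executable
# (that install path is an assumption for this example, not thread guidance).

# is_github_remote URL
#   returns 0 when URL targets github.com over https, scp-style ssh, ssh:// or git://
is_github_remote() {
    case "$1" in
        https://github.com/*|http://github.com/*|*@github.com:*|ssh://*github.com/*|ssh://*github.com:*|git://github.com/*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# check_push_target NAME URL
#   returns 0 to allow the push, 1 to refuse it.
#   Setting ALLOW_GITHUB_PUSH=1 in the environment permits a deliberate push
#   (e.g. from the dedicated admin account), so accidents stay blocked but
#   intentional mirror maintenance is still possible.
check_push_target() {
    _name=$1
    _url=$2
    if is_github_remote "$_url" && [ "${ALLOW_GITHUB_PUSH:-0}" != "1" ]; then
        echo "pre-push: refusing push to GitHub remote '$_name' ($_url); set ALLOW_GITHUB_PUSH=1 to override" >&2
        return 1
    fi
    return 0
}

# git invokes pre-push with the remote name and URL as $1 and $2 (ref updates
# arrive on stdin and are not needed here). Only enforce when called that way.
if [ $# -ge 2 ]; then
    check_push_target "$1" "$2" || exit 1
fi
```

A remote named `github` whose URL is `https://github.com/...` is refused with a message on stderr and the push aborts; pushes to `opendev.org` remotes pass through untouched. Because the hook keys on the URL rather than the remote name, renaming the remote does not bypass it.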
