Jim Rollenhagen wrote:
The opendev team reached out to me about handing off administrative access of the "openstack" and related organizations on GitHub. They think it would be best if the TC took control of that, or at least took control of delegating that access. In general, the goal here is to support OpenStack's presence and visibility on GitHub. [...]
Do TC members want to manage this, or should we delegate?
I have been considering our GitHub presence as a downstream "code marketing" property, a sort of front-end or entry point into the OpenStack universe for outsiders. As such, I'd consider it much closer to openstack.org/software than to opendev.org/openstack. So one way to do this would be to ask Foundation staff to maintain this code marketing property, taking care of aligning message with the content at openstack.org/software (which is driven from the osf/openstack-map repository). If we handle it at TC-level my fear is that we would duplicate work around things like project descriptions and what is pinned, and end up with slightly different messages.
One thing to figure out is how to grant that access. The opendev team uses a shared account with two-factor authentication provided by a shared shell account. This mitigates accidental pushes or settings changes when an admin is using their usual GitHub account. The TC (or its delegates) probably doesn't have a shared shell account to do this with. Some options:
* each admin creates a second GitHub account for this purpose use a shared * account without 2FA use a shared account with 2FA, share the one time secret * with everyone to configure their own token generator use personal accounts * but be very careful
Thoughts on these options?
I'd do a limited number of personal accounts, all with 2FA. -- Thierry Carrez (ttx)