[tc] Assuming control of GitHub organizations

Thierry Carrez thierry at openstack.org
Thu Jun 27 08:55:25 UTC 2019

Jim Rollenhagen wrote:
> The opendev team reached out to me about handing off administrative access of
> the "openstack" and related organizations on GitHub. They think it would be
> best if the TC took control of that, or at least took control of delegating
> that access. In general, the goal here is to support OpenStack's 
> presence and visibility on GitHub.
> [...]
> Do TC members want to manage this, or should we delegate?

I have been considering our GitHub presence as a downstream "code 
marketing" property, a sort of front-end or entry point into the 
OpenStack universe for outsiders. As such, I'd consider it much closer 
to openstack.org/software than to opendev.org/openstack.

So one way to do this would be to ask Foundation staff to maintain this 
code marketing property, taking care of aligning message with the 
content at openstack.org/software (which is driven from the 
osf/openstack-map repository).

If we handle it at TC-level my fear is that we would duplicate work 
around things like project descriptions and what is pinned, and end up 
with slightly different messages.

> One thing to figure out is how to grant that access. The opendev team uses a
> shared account with two-factor authentication provided by a shared shell
> account. This mitigates accidental pushes or settings changes when an 
> admin is
> using their usual GitHub account. The TC (or its delegates) probably doesn't
> have a shared shell account to do this with. Some options:
> * each admin creates a second GitHub account for this purpose use a shared
> * account without 2FA use a shared account with 2FA, share the one time 
> secret
> * with everyone to configure their own token generator use personal accounts
> * but be very careful
> Thoughts on these options?

I'd do a limited number of personal accounts, all with 2FA.

Thierry Carrez (ttx)

More information about the openstack-discuss mailing list