[tc] Assuming control of GitHub organizations
thierry at openstack.org
Thu Jun 27 08:55:25 UTC 2019
Jim Rollenhagen wrote:
> The opendev team reached out to me about handing off administrative access of
> the "openstack" and related organizations on GitHub. They think it would be
> best if the TC took control of that, or at least took control of delegating
> that access. In general, the goal here is to support OpenStack's
> presence and visibility on GitHub.
> Do TC members want to manage this, or should we delegate?
I have been considering our GitHub presence as a downstream "code
marketing" property, a sort of front-end or entry point into the
OpenStack universe for outsiders. As such, I'd consider it much closer
to openstack.org/software than to opendev.org/openstack.
So one way to do this would be to ask Foundation staff to maintain this
code marketing property, taking care of aligning message with the
content at openstack.org/software (which is driven from the
If we handle it at TC-level my fear is that we would duplicate work
around things like project descriptions and what is pinned, and end up
with slightly different messages.
> One thing to figure out is how to grant that access. The opendev team uses a
> shared account with two-factor authentication provided by a shared shell
> account. This mitigates accidental pushes or settings changes when an
> admin is
> using their usual GitHub account. The TC (or its delegates) probably doesn't
> have a shared shell account to do this with. Some options:
> * each admin creates a second GitHub account for this purpose use a shared
> * account without 2FA use a shared account with 2FA, share the one time
> * with everyone to configure their own token generator use personal accounts
> * but be very careful
> Thoughts on these options?
I'd do a limited number of personal accounts, all with 2FA.
Thierry Carrez (ttx)
More information about the openstack-discuss