[tc] Assuming control of GitHub organizations

James E. Blair corvus at inaugust.com
Thu Jun 27 23:00:08 UTC 2019

Thierry Carrez <thierry at openstack.org> writes:

> I'd do a limited number of personal accounts, all with 2FA.

One thing I would encourage folks to consider is that GitHub makes it
remarkably easy to do something "administrative" accidentally.  Any of
these accounts can easily accidentally push a commit, tag, etc., to the
mirrored repos.  It's not going to be destructive to the project in the
long term, since it's merely a mirror of the authoritative code in
Gerrit, but if we think it's important to protect the accounts with 2FA
to reduce the chance of a malicious actor pushing a commit to a
widely-used mirror, then we should similarly consider preventing an
accidental push from a good actor.  This is the principal reason that
the Infra team developed its secondary-or-shared account policy.

Especially if the folks who manage this are also folks who work on these
repos, we're one "git push" away from having egg on our collective face.

If the folks managing the GitHub presence are also developers, I would
encourage the use of a shared or secondary account.
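A per-clone guard for the "one git push away" failure mode described above, added here as an example (it is not OpenStack Infra's code or policy): a git pre-push hook that refuses to push to a GitHub mirror remote unless the developer deliberately overrides it. It assumes that every remote on github.com is a mirror and that the authoritative remote (Gerrit) lives elsewhere; the `MIRROR_PATTERN`, the `ALLOW_MIRROR_PUSH` variable and the `push_allowed` helper are names chosen for this example.

```shell
#!/bin/sh
# Added example (not OpenStack Infra's code): a git pre-push hook that refuses
# pushes to a GitHub mirror remote unless the push is explicitly overridden.
# Git runs this hook as:  pre-push <remote-name> <remote-url>
# Install by copying it to .git/hooks/pre-push in your clone and chmod +x.

# Assumption: anything on github.com is a mirror and the authoritative
# remote (Gerrit) lives elsewhere. Adjust the pattern to your own layout.
MIRROR_PATTERN='*github.com*'

# push_allowed URL OVERRIDE
#   Returns 0 (allow) for a non-mirror URL, or for a mirror URL when OVERRIDE
#   is non-empty; returns 1 (refuse) for a mirror URL with no override.
push_allowed() {
    _url=$1
    _override=$2
    case $_url in
        $MIRROR_PATTERN)
            if [ -n "$_override" ]; then
                return 0
            fi
            return 1
            ;;
        *)
            return 0
            ;;
    esac
}

# Hook entry point. Git supplies the remote name and URL as $1 and $2; when the
# file is run without arguments (e.g. to exercise push_allowed) this is skipped.
if [ "$#" -ge 2 ]; then
    if ! push_allowed "$2" "$ALLOW_MIRROR_PUSH"; then
        echo "pre-push: refusing push to mirror remote '$1' ($2)" >&2
        echo "pre-push: re-run with ALLOW_MIRROR_PUSH=1 if this is intentional" >&2
        exit 1
    fi
fi
```

The hook catches the accidental case (a developer with both a mirror-admin account and a working clone running `git push` against the wrong remote) without touching normal pushes to Gerrit. A cheaper variant with no hook at all is to disable the push URL on the mirror remote in your clone, e.g. `git remote set-url --push github no_push`, so that `git push github` fails before any credentials are used. Either control only protects the clones where it is installed; it complements, rather than replaces, the secondary-or-shared account policy the post recommends.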


More information about the openstack-discuss mailing list