[tc] Assuming control of GitHub organizations

Thierry Carrez thierry at openstack.org
Fri Jun 28 08:43:27 UTC 2019

James E. Blair wrote:
> Thierry Carrez <thierry at openstack.org> writes:
>> I'd do a limited number of personal accounts, all with 2FA.
> One thing I would encourage folks to consider is that GitHub makes it
> remarkably easy to do something "administrative" accidentally.  Any of
> these accounts can easily accidentally push a commit, tag, etc., to the
> mirrored repos.  It's not going to be destructive to the project in the
> long term, since it's merely a mirror of the authoritative code in
> Gerrit, but if we think it's important to protect the accounts with 2FA
> to reduce the chance of a malicious actor pushing a commit to a
> widely-used mirror, then we should similarly consider preventing an
> accidental push from a good actor.  This is the principal reason that
> the Infra team developed its secondary-or-shared account policy.
> Especially if the folks who manage this are also folks who work on these
> repos, we're one "git push" away from having egg on our collective face.
> If the folks managing the GitHub presence are also developers, I would
> encourage the use of a shared or secondary account.

That is a fair point that I had not considered.

That said, wouldn't the risk be relatively limited if the "admins" never 
checkout or clone from GitHub itself ?

Thierry Carrez (ttx)

More information about the openstack-discuss mailing list