[tc] Assuming control of GitHub organizations

Sean McGinnis sean.mcginnis at gmx.com
Sat Jun 29 12:04:00 UTC 2019

On Fri, Jun 28, 2019 at 07:49:10AM -0700, James E. Blair wrote:
> Thierry Carrez <thierry at openstack.org> writes:
> > James E. Blair wrote:
> >> Especially if the folks who manage this are also folks who work on these
> >> repos, we're one "git push" away from having egg on our collective face.
> >>
> >> If the folks managing the GitHub presence are also developers, I would
> >> encourage the use of a shared or secondary account.
> >
> > That is a fair point that I had not considered.
> >
> > That said, wouldn't the risk be relatively limited if the "admins"
> > never checkout or clone from GitHub itself ?
> Yes, the biggest risk is if one of the admins is a regular user of
> GitHub.  If they don't have their own GitHub-forks of the OpenStack
> repos, and they only ever clone their local copies from OpenDev (or,
> they are not developers at all), then I think the risk of accidents on a
> personal account is fairly low.
> -Jim

There are some tools out there that have been created to help mitigate these
kinds of things. One I recently came across is described here:


I'm not advocating for trying to adapt that tool, but I think it shows that
something can be stood up relatively easily that would provide a separation of
control to prevent accidental admin access modifications while still making it
easy to see and manage a large number of repos.

Seems fairly easy enough to even just create a githubadmin at openstack.org
account and control access via that.


More information about the openstack-discuss mailing list