Github teams/repo cleanup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

So, after Gentoo hack, I started to look at all our teams on github,
and what access does everybody have, etc, etc

And I have a few issues:
- we have old repositories that are no longer used
- we have team without description
- we have people without 2FA who are admins of some team
- github make this kind of audit really difficult without scripting
(and the API is not stable yet for teams)

So I would propose the following rules, and apply them in 1 or 2 weeks
time.

For projects:

- archives all old projects, aka, ones that got no commit since 2
years, unless people give a reason for the project to stay unarchived.
Being archived do not remove it, it just hide it by default and set it
readonly. It can be reverted without trouble.

See https://help.github.com/articles/archiving-a-github-repository/

- remove project who never started ("vagrant" is one example, there is
only one readme file).

For teams:
- if you are admin of a team, you have to turn on 2FA on your account.
- if you are admin of the github org, you have to turn 2FA.

- if a team no longer have a purpose (for example, all repos got
archived or removed), it will be removed.

- add a description in every team, that tell what kind of access does
it give. 


This would permit to get a bit more clarity and security. 


-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-devel

[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux