I think our team structure on Github has become unruly. I prefer that we use teams only when we can demonstrate that there is a strong need. At the moment, the gluster-maintainers and the glusterd2 projects have teams that have a strong need. If any other repo has a strong need for teams, please speak up. Otherwise, I suggest we delete the teams and add the relevant people as collaborators on the project.
It should be safe to delete the gerrit-hooks repo. These are now Github jobs. I'm not in favor of archiving the old projects if they're going to be hidden from someone looking for it. If they just move to the end of the listing, it's fine to archive.
On Fri, Jun 29, 2018 at 10:26 PM Michael Scherer <mscherer@xxxxxxxxxx> wrote:
Le vendredi 29 juin 2018 à 14:40 +0200, Michael Scherer a écrit :
> Hi,
>
> So, after Gentoo hack, I started to look at all our teams on github,
> and what access does everybody have, etc, etc
>
> And I have a few issues:
> - we have old repositories that are no longer used
> - we have team without description
> - we have people without 2FA who are admins of some team
> - github make this kind of audit really difficult without scripting
> (and the API is not stable yet for teams)
>
> So I would propose the following rules, and apply them in 1 or 2
> weeks
> time.
>
> For projects:
>
> - archives all old projects, aka, ones that got no commit since 2
> years, unless people give a reason for the project to stay
> unarchived.
> Being archived do not remove it, it just hide it by default and set
> it
> readonly. It can be reverted without trouble.
>
> See https://help.github.com/articles/archiving-a-github-repository/
>
> - remove project who never started ("vagrant" is one example, there
> is
> only one readme file).
>
> For teams:
> - if you are admin of a team, you have to turn on 2FA on your
> account.
> - if you are admin of the github org, you have to turn 2FA.
>
> - if a team no longer have a purpose (for example, all repos got
> archived or removed), it will be removed.
>
> - add a description in every team, that tell what kind of access does
> it give.
>
>
> This would permit to get a bit more clarity and security.
So to get some perspective after writing a script to get the
information, the repos I propose to archive:
Older than 3 years, we have:
- gmc-target
- gmc
- swiftkrbauth
- devstack-plugins
- forge
- glupy
- glusterfs-rackspace-regression-tester
- jenkins-ssh-slaves-plugin
- glusterfsiostat
Older than 2 years, we have:
- nagios-server-addons
- gluster-nagios-common
- gluster-nagios-addons
- mod_proxy_gluster
- gluster-tutorial
- gerrit-hooks
- distaf
- libgfapi-java-io
And to remove, because empty:
- vagrant
- bigdata
- gluster-manila
Once they are archived, I will take care of the code for finding teams
to remove.
--
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-devel
--
nigelb
_______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx https://lists.gluster.org/mailman/listinfo/gluster-devel