Github Org Owner Permissions

[Christoph Blecker]

Hey Steering Committee,

Looking for some guidance on the subject of GitHub Org Owner permissions. I understand this is something that you are working on defining a policy around.

I ask for two reasons:

- As part of our Community Maintenance effort (https://github.com/kubernetes/community/issues/1999), we have defined tasks around auditing permissions and integrations. It would help to have a policy to point to to define who needs these permissions and what the guidelines for being "inactive" might be.

- I am a new Technical Lead for Contributor Experience, along with Garrett. We will be supporting and backing each other up in that role. Garrett is currently the only one of the four contribex leads (Paris, Elsie, Garrett, and myself) that currently has those permissions, and I'm wondering if it would make sense to add myself to that role to assist with things like GitHub team creation/management, webhooks and integrations, making changes to labels, and auditing.

Thanks for your time!

[Aaron Crickenberger]

So as not to be a bottleneck, if you're willing to draft such a policy, I'm fine with steering committee members reviewing a PR to https://github.com/kubernetes/community/blob/master/org-owners-guide.md

I suspect as long as there is a clear path of escalation to responsive owners, there's not really a need for such a wide pool of org owners.

I'm also willing to add you as an org owner, but would like to see consensus from other steering committee members.

- aaron

--
You received this message because you are subscribed to the Google Groups "steering" group.
To unsubscribe from this group and stop receiving emails from it, send an email to steering+unsubscribe@kubernetes.io.
To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CADx2oGGxi3xWCJQifXdk6V0qCFKis4VEF%2BVXKOF1i99FERaSpA%40mail.gmail.com.

[Brian Grant]

We do need an official, documented policy. 

We've tried to balance various concerns when choosing org owners in the past.

It takes some time to learn the github mechanisms and Kubernetes-specific policies for managing our orgs, repos, etc. Additionally, when people take actions, increasingly they need to be communicated to others somehow, which we need to define. The audit log contains very little information.

I would like to see an official Github admin role in SIG Contributor Experience, as opposed to just assuming the tech leads, who may not have the time, would hold that position. 

We also have tried to maintain timezone diversity, in case of emergencies, and have granted temporary ownership privileges on an as-needed basis, which should be allowed.

On Wed, Apr 4, 2018 at 11:33 AM Aaron Crickenberger <aaron.cri...@gmail.com> wrote:

So as not to be a bottleneck, if you're willing to draft such a policy, I'm fine with steering committee members reviewing a PR to https://github.com/kubernetes/community/blob/master/org-owners-guide.md

I suspect as long as there is a clear path of escalation to responsive owners, there's not really a need for such a wide pool of org owners.

I'm also willing to add you as an org owner, but would like to see consensus from other steering committee members.

- aaron

On Wed, Apr 4, 2018 at 11:16 AM, Christoph Blecker <cble...@gmail.com> wrote:

Hey Steering Committee,

Looking for some guidance on the subject of GitHub Org Owner permissions. I understand this is something that you are working on defining a policy around.

I ask for two reasons:

- As part of our Community Maintenance effort (https://github.com/kubernetes/community/issues/1999), we have defined tasks around auditing permissions and integrations. It would help to have a policy to point to to define who needs these permissions and what the guidelines for being "inactive" might be.

- I am a new Technical Lead for Contributor Experience, along with Garrett. We will be supporting and backing each other up in that role. Garrett is currently the only one of the four contribex leads (Paris, Elsie, Garrett, and myself) that currently has those permissions, and I'm wondering if it would make sense to add myself to that role to assist with things like GitHub team creation/management, webhooks and integrations, making changes to labels, and auditing.

Thanks for your time!

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+u...@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CADx2oGGxi3xWCJQifXdk6V0qCFKis4VEF%2BVXKOF1i99FERaSpA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+u...@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.

To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CALOex7tfQ%3Dbqn7t-nAkE%2BAXZHVcc_b%2BYtSas_2suvMa4gTcjpQ%40mail.gmail.com.

[Christoph Blecker]

That makes sense.

Thinking out loud: We have a “Community Management” subproject for things like slack, YouTube, zoom, mailing lists, etc. Perhaps “Github Administration” might have the scope to be it’s own subproject within ContribEx. Set the policy, take care of the people, wrap in things like “the process for getting invited to the org”. Adopt all that into the same umbrella. This might also be a decent home for the “meta org” that has been kicked around in a few different places (having git be the source of truth for Github team/repo permissions).

[Joe Beda]

On thing worth mentioning here: we have long been looking to build out tooling to drive github membership (teams and admin and such) based on some checked in files vs. manually manipulating github via the UI.  That effort hasn't risen to the top of anyone's list yet so it hasn't gotten done.  If we had such a mechanism the need for manual github owner actions would be reduced quite a bit.  Obviously this is orthogonal to having a dedicated set of folks in that role along with well documented processes.

Joe

To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/3BD94F92-5DCF-457F-A5F8-40DB1238C8F7%40gmail.com.

[Brian Grant]

There is also an outstanding proposal for automated repo management.

However, it's still the case that some things are only possible through the UI -- there is no public API. This has been a pain point for managing orgs and repos within Google. For example, there's no way to turn on the 2FA requirement for an org via an API and no way to access the audit log via an API or via any permissions more restricted than owner.

[Aaron Crickenberger]

I trust Christoph to help with these efforts.  He's already an active participant on the proposal in question.  He's been helping move our automation in the right direction for a while, the recent title was more of a formal recognition of all that he's done.

Are there any objections to adding him as an org owner in the interim?  If I hear nothing by tomorrow I'd like to add him.

- aaron

To unsubscribe from this group and stop receiving emails from it, send an email to steering+unsubscribe@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CADx2oGGxi3xWCJQifXdk6V0qCFKis4VEF%2BVXKOF1i99FERaSpA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+unsubscribe@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CALOex7tfQ%3Dbqn7t-nAkE%2BAXZHVcc_b%2BYtSas_2suvMa4gTcjpQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+unsubscribe@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/3BD94F92-5DCF-457F-A5F8-40DB1238C8F7%40gmail.com.

--

You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+unsubscribe@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.

To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CAKCBhs6%3Dczn47SUuWJ7ySW9iNVCcC2ngRY%3DUC%2BgydHjoSy%3D%2BZw%40mail.gmail.com.

[Brian Grant]

On Thu, Apr 5, 2018 at 10:10 AM Aaron Crickenberger <aaron.cri...@gmail.com> wrote:

I trust Christoph to help with these efforts.  He's already an active participant on the proposal in question.  He's been helping move our automation in the right direction for a while, the recent title was more of a formal recognition of all that he's done.

Are there any objections to adding him as an org owner in the interim?  If I hear nothing by tomorrow I'd like to add him.

I'm totally fine with that.

 

- aaron

To unsubscribe from this group and stop receiving emails from it, send an email to steering+u...@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CADx2oGGxi3xWCJQifXdk6V0qCFKis4VEF%2BVXKOF1i99FERaSpA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+u...@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/CALOex7tfQ%3Dbqn7t-nAkE%2BAXZHVcc_b%2BYtSas_2suvMa4gTcjpQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+u...@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.
To view this discussion on the web visit https://groups.google.com/a/kubernetes.io/d/msgid/steering/3BD94F92-5DCF-457F-A5F8-40DB1238C8F7%40gmail.com.

--
You received this message because you are subscribed to the Google Groups "steering" group.

To unsubscribe from this group and stop receiving emails from it, send an email to steering+u...@kubernetes.io.

To post to this group, send email to stee...@kubernetes.io.
Visit this group at https://groups.google.com/a/kubernetes.io/group/steering/.

[caleb...@google.com]

I'll add him now.