GitHub/cleanup
From MozillaWiki
GitHub Clean-up Campaign
Communication is done through github-owners@m.o, periodic meetings, and spreadsheets!
The Goals
Welcome to the GitHub Clean-up Campaign. The goals of this campaign are:
- Ensure we have an appropriate number of owners to administer our GitHub account
- Ensure we don't run out of private repositories
- Not get in the way of people's reasonable workflows
The Concerns
- There are a large number of GitHub owners, and the number is growing without any oversight.
- Many people, including owners, have not enabled two-factor authentication, which opens up the risk of third-party access.
- Owners have full access to all GitHub repositories, groups, and settings. There is no reason to have this many accounts with that level of access, and it's dangerous because, again, there is no oversight or review.
- There is minimal logging of changes, and conflicts and confusion occur when multiple people are trying to do the same thing.
Steps to get there
Step 1: Require all owners to enable 2-factor authentication
This is an easy first step to minimizing our risk.
Step 2: Review all the private repositories and remove any unused
We're almost out of private repositories, but many are unused (and many were never used). There are legitimate needs for private repositories, and if we run out it will cause delays in the future.
Step 3: Reduce the overall number of owners
The original goal was fewer than 10 total. Let's see where we get.
Step 4: Review web hooks and installed apps
Lots of people install random GitHub apps that get their hooks (pun intended) into every project the user has access to.
Step 5: Ensure people who have commit access have signed the committer agreement
Many people have commit access, but there isn't an easy way to correlate the two. Maybe clahub.com?