GitHub/cleanup

Github Clean-up Campaign

Communication is done through github-owners@m.o, periodic meetings, and spreadsheets!

The Goals

Welcome to the Github Clean-up Campaign. The goals of this campaign are:

• Ensure we have an appropriate number of owners to administrate our github account
• Ensure we don't run out of private repositories
• Not get in the way of people's reasonable workflows

The Concerns

• There are a large number of github owners and it's growing without any oversight
• Many people, including owners, have not enabled two factor authentication opening up risk of 3rd party access
• Owners have full access to all Github repositories, groups, and settings. There is no reason to have this many accounts with that level of access and it's dangerous as, again, there is no oversight or review.
• There is minimal logging of changes and conflicts/confusion occur when multiple people are trying to do the same thing.

Steps to get there

Step 1: Require all owners to enable 2 factor authentication

This is an easy first step to minimizing our risk.

Step 2: Review all the private repositories and remove any unused

We're almost out of private repositories but many are unused (and many were never used). There are legitimate needs for private repositories and if we run out it will cause delays in the future

Step 3: Reduce the overall number of owners

The original goal was less than 10 total. Let's see where we get.

Step 4: Review web hooks and installed apps

Lots of people install random github apps that get their hooks (pun intended) into every project the user has access to.

Step 5: Ensure people who have commit access have signed the committer agreement

Many people have commit access, but there isn't an easy way to correlate the two. Maybe clahub.com?