Security/FirefoxOperations: Difference between revisions

included https://github.com/mozilla-services/foxsec/pull/847
No edit summary
(included https://github.com/mozilla-services/foxsec/pull/847)
Line 90: Line 90:
* [ ] Ensure your code repository is configured and located appropriately:
* [ ] Ensure your code repository is configured and located appropriately:
   * Only designated people should be allowed to push to production branches. ([GitHub protected branches](https://help.github.com/articles/configuring-protected-branches/).)
   * Only designated people should be allowed to push to production branches. ([GitHub protected branches](https://help.github.com/articles/configuring-protected-branches/).)
  * Branch protections should always apply to administrators as well.
   * Host your repository in a trusted organization (one that follows [EIS Recommendations](https://mana.mozilla.org/wiki/display/POLICIES/Standard%3A+GitHub+repositories+and+organizations)). A list is maintained [here](https://wiki.mozilla.org/Github/Trusted_Organizations).
   * Host your repository in a trusted organization (one that follows [EIS Recommendations](https://mana.mozilla.org/wiki/display/POLICIES/Standard%3A+GitHub+repositories+and+organizations)). A list is maintained [here](https://wiki.mozilla.org/Github/Trusted_Organizations).
  * Ensure all contributors are in compliance with the [user guidelines](https://wiki.mozilla.org/Github/Repository_Security#Membership)
  * Elevated permissions should be granted to teams, not individual accounts, whenever possible. (Only org members can be part of a team.)
* [ ] Sign all release tags, and ideally commits as well
* [ ] Sign all release tags, and ideally commits as well
   * Developers should [configure git to sign all tags](http://micropipes.com/blog//2016/08/31/signing-your-commits-on-github-with-a-gpg-key/) and upload their PGP fingerprint to https://login.mozilla.com
   * Developers should [configure git to sign all tags](http://micropipes.com/blog//2016/08/31/signing-your-commits-on-github-with-a-gpg-key/) and upload their PGP fingerprint to https://login.mozilla.com
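Review bot: the three added sub-bullets ("Branch protections should always apply to administrators as well.", "Ensure all contributors are in compliance with the [user guidelines]...", and "Elevated permissions should be granted to teams...") are indented with two spaces while the existing sub-bullets around them use three, so they may render at a different nesting level; use the same three-space indent. The "Ensure all contributors are in compliance" line is also missing the trailing period its siblings carry. The administrators line qualifies the protected-branches bullet directly above it, so consider folding it into that bullet or nesting it beneath it rather than listing it as a separate sibling, and "whenever possible" on the teams line would be easier to check against if it said when an individual grant is acceptable.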