Confirmed users
1,364
edits
GitHub/Repository Security: Difference between revisions
m
replace unexpanded entities with hard quotes
(Initial publication) |
m (replace unexpanded entities with hard quotes) |
||
| Line 40: | Line 40: | ||
== Membership == | == Membership == | ||
<source lang:markdown> | <source lang:markdown> | ||
- [ ] All GitHub accounts granted specific access to a sensitive repository need to have a current email contact address recorded in a Mozilla system. (GitHub does not provide this feature.) For staff, that should be done in the | - [ ] All GitHub accounts granted specific access to a sensitive repository need to have a current email contact address recorded in a Mozilla system. (GitHub does not provide this feature.) For staff, that should be done in the "Github Username" field of their phonebook record, for others GitHub should be added as a "Profile Identity" in their Mozillians record, and their login added to the "Bio" section. | ||
- [ ] All GitHub accounts must use 2FA | - [ ] All GitHub accounts must use 2FA | ||
- [ ] Any member given elevated permissions to a repository should be told that it is their responsibility to contact organization owners and repository admins if they ever suspect or know that any of their GitHub credentials have been leaked or compromised. (This includes any Personal Access Tokens generated by the user.) | - [ ] Any member given elevated permissions to a repository should be told that it is their responsibility to contact organization owners and repository admins if they ever suspect or know that any of their GitHub credentials have been leaked or compromised. (This includes any Personal Access Tokens generated by the user.) | ||