Coding CC Rights Expansion: Adolfo Brandes

As a member of tCRIL, I would like to grant GitHub Administrator rights for the openedx organization to @arbrandes

This access grants Adolfo access to configure settings & user access on the organization and all of its repositories. He’d use the admin-level permissions primarily while taking his turn on the tCRIL on-call rotation, where the team handles both access concerns and GitHub apps and secrets management.

From time to time, we may also use the admin access for housekeeping tasks such as fixing CI configuration, managing issue templates, updating repository descriptions and curating the pinned repositories. If Adolfo were to leave the tCRIL on-call rotation, he would give up this access, especially once we’re at a point where more repositories have dedicated maintainers who can be responsible for these sort of housekeeping tasks.

One caveat: This access also grants global write access, which means that he could push branches, leave qualifying PR reviews, and merge PRs for all repositories. Right now, Adolfo has write access to: All release branches; frontend-app-library-authoring, edx-platform, frontend-platform, frontend-template-application, frontend-build, frontend-component-header, frontend-component-footer.

As administrators, we are asking that you trust us to do the following:

  • Have Core Contributor status before becoming an Admin
  • Only use our admin power as plainly spelled out: for on-call duties that include GH access permissions, app management, secret management, and configurations (such as CI configuration).
  • To not use this access as a blank check to write to all repos.
    • This involves trust: despite the fact this permission confers write access to all repos, write access will only be used for the repo(s) the Administrator holds CC access to
    • If access is needed to another repo, proper channels will be gone through: either asking CCs on other repos for merge assistance, or requesting elevated access permissions as per OEP-54
  • All administrators will keep tabs on the actions of all the other admins.

If, at any point, a community member has issue with the actions of an Admin, they should seek out another admin, or, for assistance. GH Audit Logs will be used to validate any report of misconduct.

Adolfo has been a trusted member of the community, and I believe he will use these Administrator powers for good. We are seeking comment from the community on granting of this access to Adolfo.

Comment Period: 11 March 2022 - 25 March 2022


This is definitely a +1 for me :slight_smile:

I vote Yes! :+1:

This is also a yes for me. Adolfo has already been trusted with release branches at the BTR and he always handled those permissions responsibly.

+1 from me. Felipe said it all.

@sarina @arbrandes This also sounds good to me. :+1:

Btw, a nice action and gesture about the admin permissions would be to also assign it to some community members who aren’t members of tCRIL? Would it be useful if I nominate @Felipe and @pdpinch for it, for example? :slight_smile: It could further signal and establish within the project that the privileges are not not purely based on the org someone belongs to, but on trust & merit?

So as to not derail this conversation, we’ve pulled this question into a separate thread (linked above). Please continue to use this thread to discuss Adolfo’s access.

Thanks for your votes of confidence, everyone!