As a member of tCRIL, I would like to grant GitHub Administrator rights for the
openedx organization to @arbrandes
This access grants Adolfo access to configure settings & user access on the organization and all of its repositories. He’d use the admin-level permissions primarily while taking his turn on the tCRIL on-call rotation, where the team handles both access concerns and GitHub apps and secrets management.
From time to time, we may also use the admin access for housekeeping tasks such as fixing CI configuration, managing issue templates, updating repository descriptions and curating the pinned repositories. If Adolfo were to leave the tCRIL on-call rotation, he would give up this access, especially once we’re at a point where more repositories have dedicated maintainers who can be responsible for these sort of housekeeping tasks.
One caveat: This access also grants global write access, which means that he could push branches, leave qualifying PR reviews, and merge PRs for all repositories. Right now, Adolfo has write access to: All release branches; frontend-app-library-authoring, edx-platform, frontend-platform, frontend-template-application, frontend-build, frontend-component-header, frontend-component-footer.
As administrators, we are asking that you trust us to do the following:
- Have Core Contributor status before becoming an Admin
- Only use our admin power as plainly spelled out: for on-call duties that include GH access permissions, app management, secret management, and configurations (such as CI configuration).
- To not use this access as a blank check to write to all repos.
- This involves trust: despite the fact this permission confers write access to all repos, write access will only be used for the repo(s) the Administrator holds CC access to
- If access is needed to another repo, proper channels will be gone through: either asking CCs on other repos for merge assistance, or requesting elevated access permissions as per OEP-54
- All administrators will keep tabs on the actions of all the other admins.
If, at any point, a community member has issue with the actions of an Admin, they should seek out another admin, or
email@example.com, for assistance. GH Audit Logs will be used to validate any report of misconduct.
Adolfo has been a trusted member of the community, and I believe he will use these Administrator powers for good. We are seeking comment from the community on granting of this access to Adolfo.
Comment Period: 11 March 2022 - 25 March 2022