Hi Devs,
I'm wondering how and if we want to organise write access to the main repository. IMHO it's not clear enough who is capable of merging code to the master branch. A "secret" IntelMQ-Contributors group exists on GitHub, nevertheless the members of this group only have "read" access. For the sake of transparency, such teams should be public and documented in the "Development Guidelines".
In addition, I think access to the Issue-Tracker is too limited. More people should be allowed to tag, assign, close, etc. issues. This would lower the workload of the "Core-Team". They could focus on things with other priorities.
I know that in GitHub it is not possible to differentiate between write-access to the Repo and Moderator-access to the tracker. All tracker-moderators would have write-access to the repo. Nevertheless, this differentiation could be achieved by a set of community-guidelines. We should discuss those on this list.
I think such guidelines are sufficient means of access control, as:
1) It's a distributed VCS, changes can be reverted.
2) Clearly communicate who is allowed to push to the repository and who is not and how to get into the "privileged group". One could use GitHub-Teams to do that. For example and discussion:
   * IntelMQ-Core-Dev: List of beings allowed to push to the master
   * IntelMQ-Contributors: List of beings allowed to push to feature and development branches, if this granularity is required
   * IntelMQ-Mods: List of beings allowed to moderate the tracker and documentation, like the wiki, readmes, etc.
   * IntelMQ-Website: List of beings allowed to edit the Website
   Those groups must not be secret.
3) There could be rules like: If someone pushes to the repository who is not allowed to do it, tell him/her it was a misbehaviour and revert the changes. If it's an intentional misbehaviour and happens multiple times, discuss the Issue and revoke his/her write access.
Best Regards
Dustin