[Intelmq-dev] Write Access to Repositories, Issue Tracker: Develop Community Guidelines
Dustin Demuth
dustin.demuth at intevation.de
Thu Jan 5 11:51:52 CET 2017
Hi Dev's
I'm wondering how and if we want to organise write access to the main
repository.
IMHO it's not clear enough who is capable of merging code to the master
branch. A "secret" IntelMQ-Contributors group exists on GitHub, nevertheless
the members of this group do only have "read" access.
For the sake of transparency such teams should be public and documented in
the "Development Guidelines".
In addition, I think access to the Issue-Tracker is to limited. More people
should be allowed to tag, assign, close, etc. issues. This would lower the
workload of the "Core-Team". They could focus on things with other
priorities.
I know that in GitHub it is not possible to differentiate between write-access
to the Repo and Moderator-access to the tracker. All tracker-moderators would
have write-access to the repo. Nevertheless, this differentiation could be
achieved by a set of community-guidelines.
We should discuss those on this list.
I think such guidelines are sufficient means of access control, as:
1) It's a distributed VCS, changes can be reverted.
2) Clearly communicate who is allowed to push to the repository and who is not
and how to get Into the "privileged group". One could use GitHub-Teams to do
that.
For example and discussion:
* IntelMQ-Core-Dev: List of beings allowed to push to the master
* IntelMQ-Contributors: List of beings allowed to push to feature and
development branches, if this granularity is required
* IntelMQ-Mods: List of beings allowed to moderate the tracker and
documentation, like the wiki, readmes, etc.
* IntelMQ-Website: List of beings allowed to edit the Website
Those groups must not be secret.
3) There could be rules like: If someone pushes to the repository who is not
allowed to do it, tell him/her it was a misbehaviour and revert the changes.
If it's an intentional misbehaviour and happens multiple times, discuss the
Issue and revoke his/her write access.
Best Regards
Dustin
--
dustin.demuth at intevation.de https://intevation.de/ OpenPGP key: B40D2EFF
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20170105/74e4a39b/attachment.sig>
More information about the Intelmq-dev
mailing list