On 6/14/20 9:55 AM, Jason Cobb via agora-discussion wrote:
On 6/14/20 7:04 AM, nch via agora-discussion wrote:
A large number of members of the github were owners. Owners can
downgrade each other, delete repositories, and even delete the org.
Obviously these are all major security issues.
I have made the following changes:
* All members have read and write access to all repos
* All members have been downgraded except me, g, and comex.
Now that everyone has read and write access the vast majority of people
shouldn't need to be owners. Please let me know if you have a reason you need
to be.
Fine by me, although I am slightly concerned that bus factor for control
of the Github org has been lowered considerably.
In this regard, there will always be a tradeoff between security and
resiliency. As it stands, we will always lose key infrastructure if
either the domain name or mailing list controllers were hit by a bus,
which I think are more serious concerns than loss of the GitHub
organization.
--
----
Publius Scribonius Scholasticus, Herald, Referee, Tailor, Pirate
Champion, Badge of the Great Agoran Revival, Badge of the Salted Earth
