Hi Folks, Currently, every PR/commit from non-committers needs approval from one committer, which is not efficient and friendly for community contributors who already have PR commit experiences.
So I plan to send a request to the infra team, to change back to the "only need approval first time” option for Ozone. Let me know if you have other thoughts. I will send the request out next Monday if there are no objections received. Thanks, Sammi Chen On Tue, 14 Feb 2023 at 05:21, Wei-Chiu Chuang <weic...@apache.org> wrote: > ---------- Forwarded message --------- > From: Daniel Gruno <humbed...@apache.org> > Date: Mon, Feb 13, 2023 at 11:49 AM > Subject: [NOTICE] Upcoming global changes to default GitHub Actions > behavior for outside collaborators > To: <annou...@infra.apache.org> > > > To Project PMCs: > > GitHub for Apache projects is currently set to allow a non-committer > contributor to use GitHub Actions if a previous pull request by that > person has been approved. > > This has raised some security concerns, and could cause issues with > overall use and availability of GitHub Actions. > > The Infrastructure Team proposes to change the default to “always > require approval for external contributors”. We intend to make this > change on Sunday the 19th of March, 2023. > > This change will apply to all GitHub repositories that do not already > have a specific GitHub Actions policy set. > > Projects that have a strong desire to use the “only need approval first > time” option should communicate that, explaining their reasons, in a > Jira ticket for Infra. Please be as specific as you can in which > repositories you wish to have this option set for, should you choose to. > > With regards, > Daniel, on behalf of the ASF Infrastructure Team. >
