Revoke repository write access for inactive accounts #55

Closed
opened 2023-03-13 11:26:24 +01:00 by Brecht Van Lommel · 2 comments

For security reasons, inactive developer accounts should no longer have write access to repositories as those accounts are more likely to get compromised.

There are also many summer of code accounts where the intent was never to give write access to main. Going forward these students only need to work in a forked repository, and can be given commit access when their code lands and they are available to maintain it going forward.

Proposed policy: remove accounts inactive for 2 years. Anyone that previously had commit access can ask for it back without having to go through approval of Blender admins.

  • Create "All-time Developers" and other teams to move inactive developers to.
  • Write a script to get the list of inactive developers (add to tools/)
  • Move inactive developers to teams and make announcement
For security reasons, inactive developer accounts should no longer have write access to repositories as those accounts are more likely to get compromised. There are also many summer of code accounts where the intent was never to give write access to main. Going forward these students only need to work in a forked repository, and can be given commit access when their code lands and they are available to maintain it going forward. Proposed policy: remove accounts inactive for 2 years. Anyone that previously had commit access can ask for it back without having to go through approval of Blender admins. - [x] Create "All-time Developers" and other teams to move inactive developers to. - [x] Write a script to get the list of inactive developers (add to tools/) - [x] Move inactive developers to teams and make announcement
Brecht Van Lommel added the
policy
label 2023-03-13 11:27:34 +01:00

We could have a team that has no addition permission and move those developers there.

Sugestion: "All-time Developers".

We could have a team that has no addition permission and move those developers there. Sugestion: "All-time Developers".
Dalai Felinto self-assigned this 2023-03-14 10:38:06 +01:00
Dalai Felinto removed their assignment 2023-04-13 17:04:12 +02:00
Author
Owner

This was all done.

This was all done.
Sign in to join this conversation.
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-projects-platform#55
No description provided.