infrastructure/blender-projects-platform
7
1
Issues 48 Projects 1 Activity

Revoke repository write access for inactive accounts #55

New Issue
Closed
opened 2023-03-13 11:26:24 +01:00 by Brecht Van Lommel · 2 comments
Brecht Van Lommel commented 2023-03-13 11:26:24 +01:00
Owner
Copy Link

For security reasons, inactive developer accounts should no longer have write access to repositories as those accounts are more likely to get compromised.

There are also many summer of code accounts where the intent was never to give write access to main. Going forward these students only need to work in a forked repository, and can be given commit access when their code lands and they are available to maintain it going forward.

Proposed policy: remove accounts inactive for 2 years. Anyone that previously had commit access can ask for it back without having to go through approval of Blender admins.

  • Create "All-time Developers" and other teams to move inactive developers to.
  • Write a script to get the list of inactive developers (add to tools/)
  • Move inactive developers to teams and make announcement
For security reasons, inactive developer accounts should no longer have write access to repositories as those accounts are more likely to get compromised. There are also many summer of code accounts where the intent was never to give write access to main. Going forward these students only need to work in a forked repository, and can be given commit access when their code lands and they are available to maintain it going forward. Proposed policy: remove accounts inactive for 2 years. Anyone that previously had commit access can ask for it back without having to go through approval of Blender admins. - [x] Create "All-time Developers" and other teams to move inactive developers to. - [x] Write a script to get the list of inactive developers (add to tools/) - [x] Move inactive developers to teams and make announcement
Dalai Felinto commented 2023-03-14 10:33:42 +01:00
Owner
Copy Link

We could have a team that has no addition permission and move those developers there.

Sugestion: "All-time Developers".

We could have a team that has no addition permission and move those developers there. Sugestion: "All-time Developers".
Dalai Felinto self-assigned this 2023-03-14 10:38:06 +01:00
Dalai Felinto removed their assignment 2023-04-13 17:04:12 +02:00
Brecht Van Lommel commented 2023-10-10 12:21:33 +02:00
Author
Owner
Copy Link

This was all done.

This was all done.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
Service
Buildbot
builder.blender.org

  
Service
Chat
chat.blender.org

  
Service
Gitea
projects.blender.org

  
Service
Translate
translate.blender.org

  
Type
Bug
Errors or incorrect behaviour

  
Type
Config
Configuration change

  
Type
Deployment
Version deployment or rollback

  
Type
Feature
New functionality or enhancement

  
Type
Setup
New service setup and deployment

No Label
Service
Buildbot
Service
Chat
Service
Gitea
Service
Translate
Type
Bug
Type
Config
Type
Deployment
Type
Feature
Type
Setup
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-projects-platform#55
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?