[Infrastructure] GitHub permissions & RFC 3647 Template

Jos Purvis (jopurvis) jopurvis at cisco.com
Wed Jul 1 11:01:56 MST 2020

I definitely agree: at most, it would require two administrators to make a quick change like that, which seems like a good idea. Four-eyes principle FTW. 😊 



Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification



From: Infrastructure <infrastructure-bounces at cabforum.org> on behalf of Ryan Sleevi <sleevi at google.com>
Date: Wednesday, July 1, 2020 at 1:53 PM
To: Ben Wilson <bwilson at mozilla.com>
Cc: "infrastructure at cabforum.org" <infrastructure at cabforum.org>
Subject: Re: [Infrastructure] GitHub permissions & RFC 3647 Template


I wanted to hear from other members, especially since many of the GitHub administrators are on the list, before unilaterally making any changes :)


On Wed, Jul 1, 2020 at 1:46 PM Ben Wilson <bwilson at mozilla.com> wrote:

Hi Ryan,

I have the setting window open in Github.  Should I mark that checkbox (" Enforce all configured restrictions above for administrators.")?




On Wed, Jul 1, 2020 at 11:05 AM Ben Wilson <bwilson at mozilla.com> wrote:

Yeah, I agree. 


On Wed, Jul 1, 2020 at 10:26 AM Ryan Sleevi <sleevi at google.com> wrote:

Hey Ben,


Not to try and call you out, but I noticed you directly committed https://github.com/cabforum/documents/commit/1e60f228aefc9dabd20ab3ccd39c295c1b895aec to the master without any form of pull request or review (AFAICT)


That's definitely not ideal, especially because it's unfortunately not valid markdown.


We currently have branch protections enabled to prevent this, but I think you may have been able to bypass these protections because we don't have them enforced for administrators.


I think we should enforce them for administrators (via Settings -> Branches -> Branch Protection -> Master -> "Include Administrators"). I realize this may make it harder to make infrastructure-related changes, but that seems to be a net win, overall. Do other folks agree?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/infrastructure/attachments/20200701/1574d862/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3699 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/infrastructure/attachments/20200701/1574d862/attachment-0001.p7s>

More information about the Infrastructure mailing list