[Infrastructure] GitHub permissions & RFC 3647 Template

Tim Hollebeek tim.hollebeek at digicert.com
Wed Jul 1 12:11:02 MST 2020


I agree.

 

-Tim

 

From: Infrastructure <infrastructure-bounces at cabforum.org> On Behalf Of Jos Purvis (jopurvis)
Sent: Wednesday, July 1, 2020 2:02 PM
To: Ryan Sleevi <sleevi at google.com>; Ben Wilson <bwilson at mozilla.com>
Cc: infrastructure at cabforum.org
Subject: Re: [Infrastructure] GitHub permissions & RFC 3647 Template

 

I definitely agree: at most, it would require two administrators to make a quick change like that, which seems like a good idea. Four-eyes principle FTW. 😊 

 

 

-- 
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification

 

 

From: Infrastructure <infrastructure-bounces at cabforum.org> on behalf of Ryan Sleevi <sleevi at google.com>
Date: Wednesday, July 1, 2020 at 1:53 PM
To: Ben Wilson <bwilson at mozilla.com>
Cc: "infrastructure at cabforum.org" <infrastructure at cabforum.org>
Subject: Re: [Infrastructure] GitHub permissions & RFC 3647 Template

 

I wanted to hear from other members, especially since many of the GitHub administrators are on the list, before unilaterally making any changes :)

 

On Wed, Jul 1, 2020 at 1:46 PM Ben Wilson <bwilson at mozilla.com> wrote:

Hi Ryan,

I have the setting window open in GitHub. Should I mark that checkbox ("Enforce all configured restrictions above for administrators.")?

Thanks,

Ben

 

On Wed, Jul 1, 2020 at 11:05 AM Ben Wilson <bwilson at mozilla.com> wrote:

Yeah, I agree. 

 

On Wed, Jul 1, 2020 at 10:26 AM Ryan Sleevi <sleevi at google.com> wrote:

Hey Ben,

 

Not to try and call you out, but I noticed you directly committed https://github.com/cabforum/documents/commit/1e60f228aefc9dabd20ab3ccd39c295c1b895aec to the master without any form of pull request or review (AFAICT).

 

That's definitely not ideal, especially because it's unfortunately not valid markdown.

 

We currently have branch protections enabled to prevent this, but I think you may have been able to bypass these protections because we don't have them enforced for administrators.

 

I think we should enforce them for administrators (via Settings -> Branches -> Branch Protection -> Master -> "Include Administrators"). I realize this may make it harder to make infrastructure-related changes, but that seems to be a net win, overall. Do other folks agree?
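
Added example, not part of the thread or of the Forum's own tooling: a Python check for the gap discussed above (branch protections configured but not enforced for administrators), run over a constructed response shaped like GitHub's "Get branch protection" REST endpoint. The function name and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the response of GitHub's REST endpoint
# GET /repos/{owner}/{repo}/branches/{branch}/protection. Values are made up.
SAMPLE_PROTECTION = json.loads("""
{
  "required_pull_request_reviews": {
    "dismiss_stale_reviews": false,
    "require_code_owner_reviews": false,
    "required_approving_review_count": 1
  },
  "enforce_admins": {"enabled": false},
  "allow_force_pushes": {"enabled": false},
  "allow_deletions": {"enabled": false}
}
""")


def audit_branch_protection(protection):
    """Return findings describing ways a change could reach the branch unreviewed.

    Pass None when the API answered 404, i.e. the branch has no protection rule.
    """
    if protection is None:
        return ["branch has no protection rule"]
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("no pull request review is required before merging")
    elif reviews.get("required_approving_review_count", 0) < 1:
        findings.append("pull requests can merge with zero approvals")
    # The gap raised in the thread: rules exist, but administrators are exempt.
    if not protection.get("enforce_admins", {}).get("enabled", False):
        findings.append("restrictions are not enforced for administrators")
    if protection.get("allow_force_pushes", {}).get("enabled", False):
        findings.append("force pushes can rewrite reviewed history")
    if protection.get("allow_deletions", {}).get("enabled", False):
        findings.append("the protected branch can be deleted")
    return findings


if __name__ == "__main__":
    for finding in audit_branch_protection(SAMPLE_PROTECTION):
        print("FINDING:", finding)
```
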
