[Infrastructure] Separate GitHub Repositories for Each Working Group

Jos Purvis (jopurvis) jopurvis at cisco.com
Tue Sep 1 08:19:25 MST 2020 

Apologies about the meeting issues; I posted to the list and Slack about using my personal room instead for both cases, but I know email distribution can take some time. If we haven’t fixed the problem by next Monday, I’ll formally change the meeting invite to my personal Webex room until we can straighten things out.

 

Ryan> As I wasn't able to make the call, I'm not sure what was discussed for cabforum/documents - is that being renamed to that it will automatically redirect? I think we should, and should to servercert rather than forum, but that wasn't clear.

 

I don’t think we quite decided what to do with /documents, but moving it to /scwg makes sense. The proposal was to create each repo by checking out /documents and then checking it in to each directory (so git pull /documents then git push /smcwg, e.g.), so that each new repo inherits the git history of the original. Maybe that’s extra overhead?

 

Sounds like it’s ripe for discussion next week! I’ll make sure to straighten out the meeting issues by then (one way or another) so everyone can be on. 😊 

 

 

-- 
Jos Purvis (jopurvis at cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification

 

 

From: Infrastructure <infrastructure-bounces at cabforum.org> on behalf of Wayne Thayer <wthayer at gmail.com>
Date: Monday, August 31, 2020 at 12:47 PM
To: Ryan Sleevi <sleevi at google.com>
Cc: "infrastructure at cabforum.org" <infrastructure at cabforum.org>
Subject: Re: [Infrastructure] Separate GitHub Repositories for Each Working Group

 

Thanks Ryan - this is helpful.

 

On Mon, Aug 31, 2020 at 9:32 AM Ryan Sleevi <sleevi at google.com> wrote:

 

 

On Mon, Aug 31, 2020 at 12:16 PM Wayne Thayer <wthayer at gmail.com> wrote:

During last week's Infrastructure call, Ben, Jos, and I discussed the proposal to split https://github.com/cabforum/documents/ into separate repositories for each WG's documents.

 

FWIW, I tried for 10 minutes to get into the call before giving up. Can we get this worked out for the next call? Had the same problem with our prior call as well.

 

 

No one has been able to start the meeting. Jos is working with the WebEx team to get his account fixed.

 

I don't believe that we need to create a ballot to proceed with this change, but I suggested that we should announce the change on the public list and give members a chance to object to it. Here is what I think we want to propose:

================

The Infrastructure Subcommittee plans to change the structure of the Forum's GitHub organization to better reflect the evolving structure of the Forum itself.

 

We'll create new repositories under the 'cabforum' organization as follows:

- "forum" - contains the Bylaws (and potentially IPR agreement and other Forum level docs)

- "servercert" - Charter, BRs, and EVGLs

- "code-signing" - Code signing Charter, BRs, and EV code signing guidelines

- "smime" - Charter and BRs for S/MIME certificates

- "tools" - automation code and other Infrastructure WG files

 

"tools" is a bit TBD right now. That's specifically a large scale of work (to work out the CI integration and templates and figuring out if we're doing cross-repo syncs). So let's just place this as "TBD". I think just focusing on the main work products sounds good.

 

As I wasn't able to make the call, I'm not sure what was discussed for cabforum/documents - is that being renamed to that it will automatically redirect? I think we should, and should to servercert rather than forum, but that wasn't clear.

 

 

That makes sense.

 

Each repo will have access rights specific to the working group (e.g. SCWG members won't be able to approve changes to the SMCWG repo).

 

One area that hadn't been worked through is whether or not the Forum Infrastructure group (or some subset) will be admins for these repositories or not? That has implications here for the statement of permissions, but also has implications when we thinking about how publishing will work (e.g. shared secrets in the repo config)

 

 

Suggest we discuss this on the next call.

 

Each repo will be configured to enforce reviews before merging a pull request.

 

... into the "main" repository, right?

 

 

Correct.

 

This change will be accomplished by moving documents from the existing repo into the new ones in such a way that history is preserved (most likely by forking 'documents' and then deleting files that are not in the scope of the new repo).

 

This seems like it's gated on the completion of branch cleanup, right, so that we don't bring in a ton of junk into new repos?

 

That seems like a good idea. We should discuss the cleanup on the next call.

 

- Wayne

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/infrastructure/attachments/20200901/7b766340/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3699 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/infrastructure/attachments/20200901/7b766340/attachment-0001.p7s>

More information about the Infrastructure mailing list