Open
The TOC has been making room for working groups to add bot accounts in #375, #378, and other PRs, but we haven't clearly defined what constitutes a bot account or how such accounts should be managed. Since these bot accounts have broad write permissions to repos within a working group area, or across the entire working group, they are effectively approvers by proxy within the working group. Working groups and their areas also often use them to generate or transfer release artifacts, so they present an attractive target for supply-chain attacks. Consequently, their definition and access should be handled with an appropriate degree of care.
The TOC and the working groups should agree on guidelines for:
- What kinds of accounts should and should not be used as bot accounts
- Which WG members should and should not have access to credentials for the bot account based on its scope in the WG
- Where credentials for the bot account should be stored to promote inclusive and transparent management within the working group
- What the process for adding and removing bot accounts should be
- Whether bot accounts should use 2-factor auth, if possible within the constraints of automation or WG/area joint management