Skip to content
86 changes: 65 additions & 21 deletions github/ipfs.yml
Original file line number Diff line number Diff line change
@@ -1,22 +1,29 @@
# yaml-language-server: $schema=.schema.json

members:
# Admin permissions map to "org owner" permissions listed in
# https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-rolesare
# These permissions are very broad, and thus, the list of people is intentionally minimal.
# Day-to-day administrating is done by those in the "github-mgmt Stewards" team (see team below).
# "github-mgmt Stewards" team can still escalate into org owner permissions if/when needed.
# This minimal owner set plus supporting rationale was documented and discussed in https://github.com/ipfs/ipfs/issues/511.
admin:
# Why @andyschwab-admin?
# 1. leader of [Sodal](https://sodal.io/)
# 2. has close access to [sead](https://www.sead.ai/), which is charged with sysadmin for critical systems within the wider Protocol Labs Network
# 3. general long-standing sysadmin for these organizations with his past roles at PL Inc
# 4. This isn't andyschwab's day-to-day GitHub account
- andyschwab-admin
- aschmahmann
- autonome
- BigLep
- cwaring
- daviddias
# Why @galargh?
# 1. co-founder of [IPDX](https://ipdx.co), and IPDX is contracted to look after GitHub for this organization.
# 2. Multiple years of experience managing GitHub organizations of open source projects, including this org.
- galargh
- hsanjuan
- jbenet
- lidel
- momack2
- olizilla
- Stebalien
# Why @vesahc?
# 1. THIS IS TEMPORARY: please remove by 2024-03-31 if not sooner.
# Escalation of permissions needed while moving Fleek accounts for various ipfs repos:
# https://github.com/ipfs/github-mgmt/pull/189#issuecomment-1939238972
# 2. @veshac also has history and ties with sysadmining with PL Inc and some of the projects that have spun out (Sodal, Sead).
- vesahc
- whyrusleeping
member:
- 1015bit
- 2color
Expand Down Expand Up @@ -46,10 +53,13 @@ members:
- arajasek
- arcalinea
- arsstone
- aschmahmann
- AuHau
- autonome
- avras
- b5
- balupton
- BigLep
- bigs
- bjoyce3
- blackforestboi
Expand All @@ -64,13 +74,15 @@ members:
- codynhat
- coryschwartz
- cpacia
- cwaring
- cyborgshead
- daijiale
- damedoteth
- dankelleher
- darkdh
- darobin
- davidar
- daviddias
- dborzov
- dchoi27
- deltazxm
Expand Down Expand Up @@ -113,6 +125,7 @@ members:
- harlantwood
- hinshun
- hosh
- hsanjuan
- hugomrdias
- ianamunoz
- iand
Expand All @@ -122,6 +135,7 @@ members:
- jacobheun
- jamiejn
- janjanovna
- jbenet
- jbenetsafer
- jdelgadopin
- jesseclay
Expand All @@ -148,6 +162,7 @@ members:
- kylehuntsman
- laurentsenta
- leshokunin
- lidel
- listenaddress
- litzenberger
- locotorp
Expand All @@ -169,6 +184,7 @@ members:
- mishmosh
- miyazono
- moeghashim
- momack2
- moul
- Mr0grog
- neogeweb3
Expand All @@ -180,6 +196,7 @@ members:
- NukeManDan
- nunofmn
- obo20
- olizilla
- parkan
- pepoospina
- petar
Expand All @@ -204,6 +221,7 @@ members:
- ShishKabab
- SidHarder
- smihaylov
- Stebalien
- stefanhans
- steven004
- stongo
Expand All @@ -230,6 +248,7 @@ members:
- wemeetagain
- whereswaldon
- whizzzkid
- whyrusleeping
- willscott
- Wondertan
- yangwao
Expand Down Expand Up @@ -8201,7 +8220,6 @@ repositories:
files:
.github/workflows/stale.yml:
content: .github/workflows/stale.yml
overwrite_on_create: true
has_discussions: false
merge_commit_message: PR_TITLE
merge_commit_title: MERGE_MESSAGE
Expand Down Expand Up @@ -8939,20 +8957,46 @@ teams:
- magik6k
privacy: closed
github-mgmt stewards:
# NOTE: created to capture users with push+ access to github-mgmt repository
# using a team instead of direct collaborators because we want to reference it in the CODEOWNERS file
description: Users that are effectively org admins
# Notes:
# 1. These members have push+ access to the github-mgmt repository (in addition to the ipdx team and the org owners listed in "members.admin" above).
# 2. This team also has the org-level "moderator" and "security manager" role.
# This is configured through the GitHub UI, not in GitHub management.
# (Org-level role documentation: https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)
# 3. Having a team instead of direct collaborators on the github-mgmt repository also enables easy reference in the github-mgmt CODEOWNERS file.
# 4. Leaning on "github-mgmt stewards" for day-to-day admin over true org owners was done
# as part of the effort to reduce org owners in https://github.com/ipfs/ipfs/issues/511
description: Users that are effectively org owners/admins
members:
# WARN: membership here should be treated exactly as cautiously as having an org admin role
# WARN: membership here should be treated as cautiously as having an "org owner" role,
# since one can escalate their privileges accordingly.
# ATTN: members are expected to:
# - be familiar with GitHub Management
# - be ready to triage/review org configuration change request in github-mgmt
maintainer:
# INFO: Intentionally don't have any "maintainers" so that additional membership is done through github-mgmt rather than the GitHub UI.
# INFO: There are others who could certainly qualify to be members of this team.
# There is a balance to be had to ensure there are enough knowledgeable people available to support the needs/requests of the github org,
# and reducing risk by not having too many with the escalation path that this role affords.
member:
# Why @aschmahmann?
# 1. Long-time and still very active contributor to important repos like kubo and specs
# 2. Director of IP Shipyard, which is an organization receiving significant grant funding for IPFS development and maintenance.
# 3. Leader of multiple public IPFS working groups (dapps, implementers)
- aschmahmann
- BigLep
# Why @lidel?
# 1. ipfs specs champion, past and present
# 2. Key technical leader on IP Shipyard
# 3. Owner of IPFS implementers working group, active in others (browsers, ecosystem, dapps).
- lidel
member:
- achingbrain
# Why @mishmosh?
# 1. Director of the being-stood-up-in-2024 IPFS Foundation
- mishmosh
# Why @stebalien?
# 1. Not involved in the IPFS day-to-day currently, but has a lot of historical knowledge. Provides an informed outside perspective.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not related to specific individuals but is this a good enough reason?

Group membership here gives perms to create/delete/configure repos and mess with the GH org in general, if people aren't doing these essentially administrative tasks with reasonable frequency, why do they have the perms to do so?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair callout @achingbrain - makes sense.
I was biasing here to make sure we had some more organizational diversity which is why I pulled in the IPFS Foundation.
Folks on this "github-mgmt stewards" team also have access to all security incidents reported through github, which seems appropriate for the IPFS Foundation to have insight on.
Github only allows for one team to be "security manager" though.
Using "github-mgmt stewards" is a shortcut, but in thinking more, it should ideally be its own team with high overlap with "github-mgmt stewards".
Given I'm out of time in this season to push on this further, I'm going to propose we go with what we currently have as its still better than what was there before, and future improvements can be made later.

# 2. Familiar with github-mgmt responsibilities in other orgs.
- stebalien
# Why @willscott?
# 1. Active maintainer in and around IPFS projects for multiple years now.
# 2. Active and experienced with github-mgmt in other organizations (e.g., ipld).
- willscott
privacy: closed
Go Core Team:
Expand Down