Opting out of OpenJS GitHub Continuity Policy (Electron)

[erickzhao]

👋 As a follow-up to #1348, I wanted to file an exception for the GitHub Continuity Policy for Electron.

Adapting our comment from the initial issue (#1327 (comment)).

Electron's continuity policy

Electron already has solid governance model in place to mitigate the need for external admin intervention:

• We wrote and open-sourced our own Permissions as Code infrastructure (electron/sheriff) that handles GitHub permissions across all of our organization’s repositories.
  • Organization members can be added and removed from teams and repositories by editing a YAML configuration and submitting a pull request.
  • This system also provides alerting for suspicious repository activity on GitHub (e.g. deleting releases, pushing to main, etc.)
• Our governance charter defines that the Infrastructure Working Group has GitHub admin permissions and can already handle mitigation processes with more context than an external IT administrator. All current members of the Infra WG are working full-time on Electron.

We also enforce SAML authentication across all of our own GitHub Enterprises, and we don’t want to add any non-governance members into our SAML provider as that would weaken our identity systems.