Repo Permissions Cleanup #177
Comments
|
@eddie-knight acknowledged. I have a couple of presentations to prep for today and tomorrow, will hopefully get time to start looking into this towards the end of the week. |
|
@sshiells-scottlogic & @eddie-knight - I received an automatic meeting indicating I have been removed from the ccc. Does it mean my support is no longer needed? |
|
Definitely not, @iMichaela! A lot of our recent work has been based on your contributions to the discussion, and your input is always appreciated. I believe everyone will have gotten a similar message when we changed the groups (as outlined above), though I didn't anticipate that happening. You're still in the CCC members group: 
Thanks for touching base on this! |
|
@eddie-knight @robmoffat we also received similar message as @iMichaela raised in the comment and got confused. Also, we saw all CCC meetings being cancelled with the note "All CCC meetings are temporarily cancelled."Together with the meeting cancellation, the notification gave us an impression that CCC project itself is paused/cancelled. It would be helpful for audiences to have context on why we were getting an email that we are being removed from the group (due to the changing being made here obviously) and why all CCC meetings are cancelled. |
|
Thanks @rachkim00, and very sorry for the sudden confusion. We've added a note in the repo to warn against meeting cancellations like that in the future (#179) and, fortunately, we've now launched the communications working group to address oversights like this! |
|
@eddie-knight Thank you much! I don't see any CCC meeting in my calendar yet since the cancellation. Hope there will be new ones scheduled. |
|
Yes! We are working with @robmoffat and the Communications WG to determine the next meetings. We'll notify the CCC mailing list and put the public meetings on the calendar— hopefully before the end of the week. |
Me either! |
|
Please can you expand on each of these groups with details of the group admin and members, so that I can get @TheJuanAndOnly99 to take a look? Also, I think we need a PR with the CODEOWNERS file in it. |
|
Also, can we make sure all groups are prefixed CCC so that they are easy to find? |
|
|
|
Thanks @robmoffat & @TheJuanAndOnly99. Notably, we recently learned that admins are only able to manage membership, not child groups. TODO
|
|
I'll collaborate with @sshiells-scottlogic to create the CODEOWNERS pull request tomorrow. The goal will be for that file to assign responsibility for everything in the repository to one of the WGs or the SteerCo. That way each group can determine their own acceptance criteria for their respective areas, so that contributions such as PR #153 aren't blocked by a lack of clarity in the future. |
|
@robmoffat @sshiells-scottlogic I think we should have the CODEOWNERS file itself be owned by the FINOS Point of Contact, so that there is foundation oversight on who owns each element in the repo. The alternative is to have the SteerCo own it. WDYT? |
|
I think the FINOS Point of Contact makes sense. If there are any changes that need made then I think they could be done quicker through the FINOS Point of Contact rather than having to go through the steer co.
|
|
@i'm just going to jump on this issue to lay out the meetings I'm going to create, their length and cadence:
Hopefully, this works - we've got a lot of meetings going on and I don't want to clash with too many other things in the FINOS calendar that people might want to do to. However, there ARE clashes with Backstage WG, and FDC3 for Web Browsers. I am heavily involved in that second one, so I won't be able to attend the second Delivery meeting of the month. @jared-lambert, @damienjburks @mlysaght2017 @Alexstpierrework please check your availability. Once everyone is happy I'll create these and invite the entire mailing list to attend - they can then choose which meetings they'd like to go to. |
@robmoffat Can Taxonomy WG have fortnightly meeting slots as well? I think I misunderstood what is informal when we last talked about it. I would like recurring fortnightly meetings that are not on FINOS calendar. Will that be possible? Thanks! |
|
@robmoffat - It looks like WG:Security and WG:Delivery are back-to-back. Is there a vision that members will be involved in more than one WG? Since I do not see a dedicated WG for the conversion of the security information in OSCAL and piloting or guiding the security automation process (for certification purpose), I am assuming the work will start under "Security" WG and continue inner "Delivery" WG . Is there a different vision for the work? Alternatively, "Security" WG can generate OSCAL samples and Delivery will be responsible for the tooling and conversion of the entire information. |
Absolutely. The delineation of responsibilities is to help scope the work commitments and enable granular reviews and approvals as things progress.
Should we open a new issue for this question? We'll need to get guidance on this topic from @damienjburks and @mlysaght2017. Input from @jared-lambert / Duplication Reduction might help as well. |
If there is no vision , no guidance, then we will need those and opening an issue might be a simple way of ensuring this is tracked. |
|
@robmoffat - I think aligning the Security WG with a fortnightly frequency would work better. Otherwise, I'm good. |
|
@iMichaela @eddie-knight @damienjburks - agree that we need more clarity on where the assessment layer falls. |
@mlysaght2017 - the clarification I requested is going beyond assessment.
|
This comment has been minimized.
This comment has been minimized.
|
That's great guidance, thanks @iMichaela . I'll create some issues with dependencies Will also expand on the initial example controls we have to have a larger sample to work with. |
But #139 was not addressed - was it? I reviewed and approved, from OSCAL perspective, the PR #153 |
|
I'm not sure- happy to let you and @mlysaght2017 collab to keep things organized for that workstream. @robmoffat and @TheJuanAndOnly99 please note that there are action items for you in the comments above on the topic of permissions and meetings cleanup |
@robmoffat I can chair the community structure meetings. |
Sorry if it wasn't clear, that's what I did already @mlysaght2017 |
Awesome, thanks @smendis-scottlogic |
|
Ok, here's a revised schedule:
And to summarise the meetings on a Thursday, over a month they would look like this:
If we're all happy with this, I'll work with @TheJuanAndOnly99 and create all this. Note for @TheJuanAndOnly99 I think we're going to need to create a second CCC zoom account and interleave the uses of them so that the meetings can be allowed to overrun and not crash into each other. WDYT? |
Hey @robmoffat that was myself (@sshiells-scottlogic) rahter than @smendis-scottlogic that volunteered for that :) |
oops sorry! I'll go back and fix the table... |
|
@robmoffat Can I request Taxonomy meeting to be scheduled from 4:30-5:00 instead of 4:00 to 4:30 so we can participate in community structure call right after the taxonomy call? |
sure - let me update this one more time... |
|
Hi everyone, Is it ok for @TheJuanAndOnly99 to create these GitHub teams now? Or do we want to wait until CODEOWNERS PR is done? |
|
We left the CODEOWNERS PR open until the teams exist- its currently
reporting an error due to not having the teams
…On Mon, Jun 3, 2024 at 07:40 Rob Moffat ***@***.***> wrote:
Hi everyone,
Is it ok for @TheJuanAndOnly99 <https://github.com/TheJuanAndOnly99> to
create these GitHub teams now? Or do we want to wait until CODEOWNERS PR is
done?
—
Reply to this email directly, view it on GitHub
<#177 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFBSA5YGHHIYRKTGZ5FZFV3ZFRP4TAVCNFSM6AAAAABHXCVQBSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBVGEYDGOBXGY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
thanks for the steer |
|
@eddie-knight @robmoffat I've created the teams. There are pending invitations for @mlysaght2017, @Alexstpierrework, and @damienjburks. |
|
Thanks @TheJuanAndOnly99! |
|
@TheJuanAndOnly99 can you please check out #181 and compare it to the GitHub teams? It's still giving an error on a few of the groups. |
|
Thanks @TheJuanAndOnly99 — the teams all exist now. Can you help set them all as children of the CCC group?
|
|
Hi @eddie-knight I've set the CCC WG Leads team as a child of the CCC team. All the other CCC WG teams were previously set as children of the CCC WG Leads team making them 'grandchildren' of the CCC team. Does this work? A team can only have 1 parent team. |
|
I see what you mean. Visually this is great, but we will have an issue if the WG Leads group receives an elevated permission at some point... then every WG member will inherit those elevated permissions. It'll be easier to manage if they're all siblings within |
|
@eddie-knight I've made them all siblings. |
|
Thanks Juan! Closing this issue as complete. @robmoffat, I believe you have everything needed for the revised meeting schedule... of course feel free to continue discussion here or elsewhere as needed. We should collab through the Comms WG to notify the community of the updated cadence and mail groups. |
|
I am willing to hop on a call, or a breakout thread to discuss comms. I do
not believe this email chain is the best place for that discussion.
…On Wed, Jun 5, 2024, 8:57 AM Eddie Knight ***@***.***> wrote:
Thanks Juan! Closing this issue as complete.
@robmoffat <https://github.com/robmoffat>, I believe you have everything
needed for the revised meeting schedule... of course feel free to continue
discussion here or elsewhere as needed. We should collab through the Comms
WG to notify the community of the updated cadence and mail groups.
—
Reply to this email directly, view it on GitHub
<#177 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BICT4ITQSQ4IB72DCQEJQ6DZF4KMFAVCNFSM6AAAAABHXCVQBSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJQGA2DMOBYGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Problem
Currently there are a large number of individuals with merge access to the CCC repo, and no clear means for the community to self-manage roles and permissions.
Proposed Solution
Adjust repo permissions to correspond with the community guidelines:
cccccc:ccc-steercoccc-wg-leadsccc-wg-XXXmembers@finos/ccc-memberswill notify the whole communityccc-maintainersteam, as it has been replaced by the above groups (if possible, use this as the starter forccc/members.ccc-participantsteam, as it was only in use during the private stage of the project last yearThe text was updated successfully, but these errors were encountered: