Auditing Kubernetes Org Owner Permissions #2465
TL;DR: We will soon be limiting org admin access to our GitHub administration team. If you do not have/need admin access to a kubernetes org, you may stop reading now.
Now that this team is established and in place, we are moving forward with auditing Org Owner permissions across all our active organizations and removing those who are not a part of this team. If you are on one of the lists below, your org owner access is slated to be removed on Wednesday, August 8th in the morning Pacific Time.
We are doing this to reduce our footprint of users/tokens that have "root" permissions on our orgs/repos, but retain a small, active team that is able to respond across time zones to take action when needed. This is something we have been working on for a while, but I accelerated my focus on it after the recent Gentoo GitHub security incident (https://wiki.gentoo.org/wiki/Project:Infrastructure/Incident_Reports/2018-06-28_Github).
There may be some short-term issues once your access has been revoked. In particular, actions you previously were able to do (such as having direct write access to a repo) may not work after this access is removed. If any issues like this arise, please ping @kubernetes/owners or open an issue against the https://github.com/kubernetes/org repo, and we should be able to get you fixed up and added to the right teams.
Thank you for your understanding and patience during this transition!
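@vishh The specific permissions that are being rolled back are detailed here:
https://github.com/kubernetes/community/blob/master/github-management/permissions.md#owner
https://help.github.com/articles/permission-levels-for-an-organization/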
The highlights being inviting/removing members from the org, accessing the org audit log, creating new repos, etc.
Does it change branch release manager's ability to change labels on PRs or force merge them if necessary (while I am ok if I don't have the second one, but first one is a must as some of the labels cannot be set using commands)?
Mehdy Bohlool | Software Engineer | email@example.com | mbohlool@github <https://github.com/mbohlool>…
On Fri, Aug 3, 2018 at 4:28 PM Christoph Blecker wrote:
> @vishh <https://github.com/vishh> The specific permissions that are being rolled back are detailed here:
> https://github.com/kubernetes/community/blob/master/github-management/permissions.md#owner
> https://help.github.com/articles/permission-levels-for-an-organization/
> The highlights being inviting/removing members from the org, accessing the org audit log, creating new repos, etc.
@cblecker kubernetes-csi is still under active development. We are still actively adding, removing, and merging repos. Removing me as an org owner may affect our velocity. We plan to go GA (stable) in Q4 or Q1. Can you please not remove my permissions until then?
@saad-ali How often do you expect to be doing this? I see one repo creation in the audit log, 28 days ago. While I understand your concern and don't want to impact velocity, this is a critical step to the project's stability and security.
Would having SLOs around responsiveness address your concern?