From b52e0fd4150507b3c9b6371544d830aab52b861d Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Mon, 2 Mar 2020 10:49:43 -0800 Subject: [PATCH 01/11] adds rfc for rust-lang org github access policy Signed-off-by: Nell Shamrell --- text/0000-github-access-policy.md | 60 +++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 text/0000-github-access-policy.md diff --git a/text/0000-github-access-policy.md b/text/0000-github-access-policy.md new file mode 100644 index 00000000000..c1dc8235864 --- /dev/null +++ b/text/0000-github-access-policy.md @@ -0,0 +1,60 @@ +- Feature Name: rust-lang_github_org_access_policy +- Start Date: 2020-03-02 + +# Summary +[summary]: #summary + +This RFC proposes a policy for managing permissions to the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within this organization. + +This RFC was written in consultation with the Governance Working Group and the Infrastructure team. Most discussion took place on [this issue](https://github.com/rust-lang/wg-governance) and [this pull request](https://github.com/rust-lang/wg-governance/pull/42). + +# Motivation +[motivation]: #motivation + +Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed ad-hoc. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org and also allow the infra team to build appropriate tooling to automate access control when possible. + +# Guide-level explanation +[guide-level-explanation]: #guide-level-explanation + +## Rust-Lang GitHub Permissions Policy +This policy applies to both the [Rust-Lang GitHub Organization](https://github.com/rust-lang/) and all repositories within that organization. + +### Rust-Lang Organization +Membership in the Rust-Lang GitHub organization is managed by the organization owners. + +All members of the [Core Team](https://github.com/rust-lang/team/blob/master/teams/core.toml) have the right to be organization owners. + +Selected members of the [Infrastructure Team](https://github.com/rust-lang/team/blob/master/teams/infra.toml) can also be organization owners if their work requires it. + +Owners should use a separate account from their main GitHub account dedicated to managing the organization. This account may not be used to commit code and must have 2FA enabled. + +### Rust-Lang Repositories + +Access to and permissions for repositories within the Rust-Lang organization should be administered through GitHub teams. Rust-Lang GitHub teams are administered through the [Team repository](https://github.com/rust-lang/team). + +GitHub provides several permission levels for access to a repository. Please refer to [GitHub's documentation](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization) for details on permission levels and what each level can do. + +Repositories in the Rust-Lang organization should follow these permission guidelines: + +Permissions should **only** be given to teams within the Rust-Lang organization, not to individuals. + +* **Admin** - only Rust team or working group leads should have this permission level +* **Write** - contributors within GitHub teams may have this permission level at the discretion of the team leads +* **Triage** - contributors within GitHub teams involved in issue and pull request management (i.e. closing, re-opening, and assigning issues and pull requests) should be granted this access +* **Read** - by default, everyone should have access to read repositories + +By default, repositories should be public and allow read access to all. When needed, some repositories can have limited read access (i.e. repositories related to security). + +Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. + +# Drawbacks +[drawbacks]: #drawbacks + +This policy would add more structure to managing GitHub permissions for both the [Rust-Lang GitHub Organization](https://github.com/rust-lang) and all repositories within it. Some might find this structure slows them down and alters their current workflow. + +# Unresolved questions +[unresolved-questions]: #unresolved-questions + +- Should these rules applied to Rust-Lang affiliated repositories and organizations that are outside of the [Rust-Lang GitHub Org](https://www.github.com/rustlang)? +- Should we automate this process? +- How do we ensure that changes to the [Teams Repository](https://github.com/rust-lang/team) are reviewed and merged promptly? \ No newline at end of file From 461b3b49999bd36259c5cafa241cd30392579b75 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Tue, 3 Mar 2020 15:50:02 -0800 Subject: [PATCH 02/11] clarify that team permissions refer to GitHub teams Signed-off-by: Nell Shamrell --- text/0000-github-access-policy.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/text/0000-github-access-policy.md b/text/0000-github-access-policy.md index c1dc8235864..1daf65178ee 100644 --- a/text/0000-github-access-policy.md +++ b/text/0000-github-access-policy.md @@ -30,14 +30,12 @@ Owners should use a separate account from their main GitHub account dedicated to ### Rust-Lang Repositories -Access to and permissions for repositories within the Rust-Lang organization should be administered through GitHub teams. Rust-Lang GitHub teams are administered through the [Team repository](https://github.com/rust-lang/team). +Access to and permissions for repositories within the Rust-Lang organization must be administered through GitHub teams, rather than through individual GitHub accounts. Note that this refers to the GitHub notion of teams, not the Rust governance structure notion of teams. Rust-Lang GitHub teams are administered through the [Team repository](https://github.com/rust-lang/team). GitHub provides several permission levels for access to a repository. Please refer to [GitHub's documentation](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization) for details on permission levels and what each level can do. Repositories in the Rust-Lang organization should follow these permission guidelines: -Permissions should **only** be given to teams within the Rust-Lang organization, not to individuals. - * **Admin** - only Rust team or working group leads should have this permission level * **Write** - contributors within GitHub teams may have this permission level at the discretion of the team leads * **Triage** - contributors within GitHub teams involved in issue and pull request management (i.e. closing, re-opening, and assigning issues and pull requests) should be granted this access From 43a015de8f26bf57e1ce49ed441af1fed86af7fc Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Fri, 10 Apr 2020 11:53:18 -0700 Subject: [PATCH 03/11] clarifies difference between triage and write levels Signed-off-by: Nell Shamrell --- text/0000-github-access-policy.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/text/0000-github-access-policy.md b/text/0000-github-access-policy.md index 1daf65178ee..831d6d69e72 100644 --- a/text/0000-github-access-policy.md +++ b/text/0000-github-access-policy.md @@ -37,10 +37,11 @@ GitHub provides several permission levels for access to a repository. Please ref Repositories in the Rust-Lang organization should follow these permission guidelines: * **Admin** - only Rust team or working group leads should have this permission level -* **Write** - contributors within GitHub teams may have this permission level at the discretion of the team leads -* **Triage** - contributors within GitHub teams involved in issue and pull request management (i.e. closing, re-opening, and assigning issues and pull requests) should be granted this access +* **Write** - contributors within GitHub teams may have this permission level at the discretion of the team leads. Members of the triage team should also ge given this level of access so they have the ability edit issue descriptions. * **Read** - by default, everyone should have access to read repositories +GitHub does provide another permission level - Triage - which is geared toward contributors involved in issue and pull request management. This permission level unfortunately does not allow contributors to edit issue descriptions, which is something Rust's triage teams do frequently. Therefore, contributors in triage roles should be assigned "Write" permissions, rather than "Triage" permissions. + By default, repositories should be public and allow read access to all. When needed, some repositories can have limited read access (i.e. repositories related to security). Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. From 02f41ede7e3820c6a29162f6602f9df2960328af Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Fri, 17 Apr 2020 10:17:10 -0700 Subject: [PATCH 04/11] updates with text around GitHub apps and OAuth Signed-off-by: Nell Shamrell --- text/0000-github-access-policy.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/text/0000-github-access-policy.md b/text/0000-github-access-policy.md index 831d6d69e72..b556b8659d0 100644 --- a/text/0000-github-access-policy.md +++ b/text/0000-github-access-policy.md @@ -20,13 +20,18 @@ Access control for the [Rust-Lang GitHub Organization](https://www.github.com/ru This policy applies to both the [Rust-Lang GitHub Organization](https://github.com/rust-lang/) and all repositories within that organization. ### Rust-Lang Organization + Membership in the Rust-Lang GitHub organization is managed by the organization owners. All members of the [Core Team](https://github.com/rust-lang/team/blob/master/teams/core.toml) have the right to be organization owners. Selected members of the [Infrastructure Team](https://github.com/rust-lang/team/blob/master/teams/infra.toml) can also be organization owners if their work requires it. -Owners should use a separate account from their main GitHub account dedicated to managing the organization. This account may not be used to commit code and must have 2FA enabled. +Owners should use a separate account from their main GitHub account dedicated to managing the organization. The reason for this is many GitHub users use their account with other [GitHub apps](https://developer.github.com/apps/about-apps/#about-github-apps) (the risk is even greater with [OAuth apps](https://developer.github.com/apps/about-apps/#about-oauth-apps)). It is extremely difficult for a user to ensure their GitHub account has not been compromised - as shown in this [threat model](https://github.com/mozilla-services/GitHub-Audit/blob/master/docs/threat.md). As a result of this, the separate owner account may not be used with any OAuth or GitHub applications and it may not be used to commit code. The intent is to reduce the risk of a compromise of an account with full owner permissions to all repositories in the Rust-Lang org. + +If a non-owner account has extensive permissions in the Rust-Lang org, we recommend using GitHub apps and OAuth apps with caution. + +All GitHub accounts used to interact with the Rust-Lang GitHub organization (owner or non-owner) must have 2FA enabled. ### Rust-Lang Repositories From 93afff847ae59de3be1484c70f92434d33275f04 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Tue, 21 Apr 2020 11:19:23 -0700 Subject: [PATCH 05/11] adds in text aboout the moderation team Signed-off-by: Nell Shamrell --- text/0000-github-access-policy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/text/0000-github-access-policy.md b/text/0000-github-access-policy.md index b556b8659d0..d4202cb1190 100644 --- a/text/0000-github-access-policy.md +++ b/text/0000-github-access-policy.md @@ -51,6 +51,8 @@ By default, repositories should be public and allow read access to all. When nee Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. +Rust teams that need broad access to public Rust-Lang repositories - such as the moderation team - should create a GitHub team managed through the [Team repository](https://github.com/rust-lang/team) - and grant that team access to all appropriate repositories. + # Drawbacks [drawbacks]: #drawbacks From e72326713fab40aea612be87b356911861b741a3 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Tue, 28 Apr 2020 11:57:06 -0700 Subject: [PATCH 06/11] add more clarity around managing moderation Signed-off-by: Nell Shamrell --- text/0000-github-access-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/text/0000-github-access-policy.md b/text/0000-github-access-policy.md index d4202cb1190..839b2f792ba 100644 --- a/text/0000-github-access-policy.md +++ b/text/0000-github-access-policy.md @@ -49,9 +49,9 @@ GitHub does provide another permission level - Triage - which is geared toward c By default, repositories should be public and allow read access to all. When needed, some repositories can have limited read access (i.e. repositories related to security). -Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. +Some teams - such as the moderation team - need broad access to public Rust-Lang repositories. The first way to manage this is through creating a GitHub team managed through the [Team Repository](https://github.com/rust-lang/team) and granting that team appropriate permissions to all appropriate repos. Another way is to create tooling that will allow a member of the moderation team to selectively and temporarily gain the access that they need when it is needed (such as deleting a comment or issue). For now, we are proceeding with managing access to repos for moderation through a GitHub team, however, should it be needed, we can develop tooling to apply more fine grained and time limited access. -Rust teams that need broad access to public Rust-Lang repositories - such as the moderation team - should create a GitHub team managed through the [Team repository](https://github.com/rust-lang/team) - and grant that team access to all appropriate repositories. +Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. # Drawbacks [drawbacks]: #drawbacks From f2c4c4fbd3fd4c37eb746d5f930dd3edf100c3a0 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Sat, 9 Mar 2024 10:47:34 -0800 Subject: [PATCH 07/11] Rename 2872 --- ...{0000-github-access-policy.md => 2872-github-access-policy.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename text/{0000-github-access-policy.md => 2872-github-access-policy.md} (100%) diff --git a/text/0000-github-access-policy.md b/text/2872-github-access-policy.md similarity index 100% rename from text/0000-github-access-policy.md rename to text/2872-github-access-policy.md From 70e6e43a012f8ade65a021f53b2af9ec0845db67 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Sat, 9 Mar 2024 10:56:16 -0800 Subject: [PATCH 08/11] Drop the owner account requirement. In consultation with the infra team at https://rust-lang.zulipchat.com/#narrow/stream/242791-t-infra/topic/GitHub.20access.20policy we have decided to separate this concern out. --- text/2872-github-access-policy.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/text/2872-github-access-policy.md b/text/2872-github-access-policy.md index 839b2f792ba..a295bc0efbf 100644 --- a/text/2872-github-access-policy.md +++ b/text/2872-github-access-policy.md @@ -27,10 +27,6 @@ All members of the [Core Team](https://github.com/rust-lang/team/blob/master/tea Selected members of the [Infrastructure Team](https://github.com/rust-lang/team/blob/master/teams/infra.toml) can also be organization owners if their work requires it. -Owners should use a separate account from their main GitHub account dedicated to managing the organization. The reason for this is many GitHub users use their account with other [GitHub apps](https://developer.github.com/apps/about-apps/#about-github-apps) (the risk is even greater with [OAuth apps](https://developer.github.com/apps/about-apps/#about-oauth-apps)). It is extremely difficult for a user to ensure their GitHub account has not been compromised - as shown in this [threat model](https://github.com/mozilla-services/GitHub-Audit/blob/master/docs/threat.md). As a result of this, the separate owner account may not be used with any OAuth or GitHub applications and it may not be used to commit code. The intent is to reduce the risk of a compromise of an account with full owner permissions to all repositories in the Rust-Lang org. - -If a non-owner account has extensive permissions in the Rust-Lang org, we recommend using GitHub apps and OAuth apps with caution. - All GitHub accounts used to interact with the Rust-Lang GitHub organization (owner or non-owner) must have 2FA enabled. ### Rust-Lang Repositories From 86b1be26c1deaacc71b6e2b106f40a52826f4795 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Sat, 9 Mar 2024 10:57:48 -0800 Subject: [PATCH 09/11] Drop "core team" org owner statement. We have decided that the leadership council does not get special access. --- text/2872-github-access-policy.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/text/2872-github-access-policy.md b/text/2872-github-access-policy.md index a295bc0efbf..190416df1f6 100644 --- a/text/2872-github-access-policy.md +++ b/text/2872-github-access-policy.md @@ -23,8 +23,6 @@ This policy applies to both the [Rust-Lang GitHub Organization](https://github.c Membership in the Rust-Lang GitHub organization is managed by the organization owners. -All members of the [Core Team](https://github.com/rust-lang/team/blob/master/teams/core.toml) have the right to be organization owners. - Selected members of the [Infrastructure Team](https://github.com/rust-lang/team/blob/master/teams/infra.toml) can also be organization owners if their work requires it. All GitHub accounts used to interact with the Rust-Lang GitHub organization (owner or non-owner) must have 2FA enabled. From 181851eedc61215901b8248d35d577df07c6c807 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Sat, 9 Mar 2024 13:19:13 -0800 Subject: [PATCH 10/11] Update for current status of the world, and add some clarifications. --- text/2872-github-access-policy.md | 52 ++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 15 deletions(-) diff --git a/text/2872-github-access-policy.md b/text/2872-github-access-policy.md index 190416df1f6..24f8c371671 100644 --- a/text/2872-github-access-policy.md +++ b/text/2872-github-access-policy.md @@ -6,55 +6,77 @@ This RFC proposes a policy for managing permissions to the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within this organization. -This RFC was written in consultation with the Governance Working Group and the Infrastructure team. Most discussion took place on [this issue](https://github.com/rust-lang/wg-governance) and [this pull request](https://github.com/rust-lang/wg-governance/pull/42). +This RFC was written in consultation with the Governance Working Group and the Infrastructure team. Most discussion took place on [this issue](https://github.com/rust-lang/wg-governance/issues/4) and [this pull request](https://github.com/rust-lang/wg-governance/pull/42). # Motivation [motivation]: #motivation -Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed ad-hoc. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org and also allow the infra team to build appropriate tooling to automate access control when possible. +Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed either through the [rust-lang team database][db], or ad-hoc via the GitHub UI by the org administrators. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org, and provide transparency and clarity on how access is managed. + +[db]: https://github.com/rust-lang/team/ # Guide-level explanation [guide-level-explanation]: #guide-level-explanation ## Rust-Lang GitHub Permissions Policy + This policy applies to both the [Rust-Lang GitHub Organization](https://github.com/rust-lang/) and all repositories within that organization. ### Rust-Lang Organization -Membership in the Rust-Lang GitHub organization is managed by the organization owners. +Access to the Rust-Lang GitHub organization is managed with the [rust-lang team database][db]. The team database is managed by the [team-repo-admins], whose policies are specified in the [Team Maintenance] documentation. -Selected members of the [Infrastructure Team](https://github.com/rust-lang/team/blob/master/teams/infra.toml) can also be organization owners if their work requires it. +Selected members of the [Infrastructure Team] can also be organization owners if their work requires it. All GitHub accounts used to interact with the Rust-Lang GitHub organization (owner or non-owner) must have 2FA enabled. +[team-repo-admins]: https://github.com/rust-lang/team/blob/master/teams/team-repo-admins.toml +[Team Maintenance]: https://forge.rust-lang.org/infra/team-maintenance.html +[Infrastructure Team]: https://github.com/rust-lang/team/blob/master/teams/infra.toml + ### Rust-Lang Repositories -Access to and permissions for repositories within the Rust-Lang organization must be administered through GitHub teams, rather than through individual GitHub accounts. Note that this refers to the GitHub notion of teams, not the Rust governance structure notion of teams. Rust-Lang GitHub teams are administered through the [Team repository](https://github.com/rust-lang/team). +Access to and permissions for repositories within the Rust-Lang organization must be administered through the [rust-lang team database][db]. Permissions should not be given to individuals, only to teams or groups. GitHub provides several permission levels for access to a repository. Please refer to [GitHub's documentation](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization) for details on permission levels and what each level can do. Repositories in the Rust-Lang organization should follow these permission guidelines: -* **Admin** - only Rust team or working group leads should have this permission level -* **Write** - contributors within GitHub teams may have this permission level at the discretion of the team leads. Members of the triage team should also ge given this level of access so they have the ability edit issue descriptions. -* **Read** - by default, everyone should have access to read repositories +* **Admin** --- No users or teams except for org admins should have this permission level. +* **Maintain** --- Teams may have this permission level at their discretion for repositories the team is responsible for. + Repositories using the [bors] bot may want to consider using the *write* permission level instead in order to deactivate the "Merge" button on PRs to enforce that merges go through bors. +* **Write** --- Teams that are responsible for a repository should have at least this permission level. +* **Triage** --- This role is available if teams want to give these permissions to other teams, such as for triage support. Unfortunately this role does not allow contributors to edit issue descriptions or titles, so its utility for that purpose is limited. +* **Read** --- This role is unnecessary, and should not be used (it is generally only relevant to private repositories, and we do not have a use case for it). -GitHub does provide another permission level - Triage - which is geared toward contributors involved in issue and pull request management. This permission level unfortunately does not allow contributors to edit issue descriptions, which is something Rust's triage teams do frequently. Therefore, contributors in triage roles should be assigned "Write" permissions, rather than "Triage" permissions. +Teams who are responsible for a repository may give access to other teams at their discretion. + +Teams or groups may ask for repositories to be created to fulfill their needs by opening a PR to the [Team Repository][db]. It is up to the team-repo-admins to approve creating the repositories. Existing repositories that need to be transferred from outside the rust-lang organization should consult with the Infrastructure Team to fulfill that request. By default, repositories should be public and allow read access to all. When needed, some repositories can have limited read access (i.e. repositories related to security). -Some teams - such as the moderation team - need broad access to public Rust-Lang repositories. The first way to manage this is through creating a GitHub team managed through the [Team Repository](https://github.com/rust-lang/team) and granting that team appropriate permissions to all appropriate repos. Another way is to create tooling that will allow a member of the moderation team to selectively and temporarily gain the access that they need when it is needed (such as deleting a comment or issue). For now, we are proceeding with managing access to repos for moderation through a GitHub team, however, should it be needed, we can develop tooling to apply more fine grained and time limited access. +Some teams - such as the moderation team - need broad access to public Rust-Lang repositories. The first way to manage this is through creating a GitHub team managed through the [Team Repository][db] and granting that team appropriate permissions to the appropriate repos. Another way is to create tooling that will allow a member of the moderation team to selectively and temporarily gain the access that they need when it is needed (such as deleting a comment or issue). For now, we are proceeding with managing access to repos for moderation through a GitHub team, however, should it be needed, we can develop tooling to apply more fine grained and time limited access. + +Bot accounts controlled by the Infrastructure Team (such as the [triagebot]) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. -Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. +[bors]: https://github.com/rust-lang/homu +[triagebot]: https://forge.rust-lang.org/triagebot/index.html + +## Implementation + +It is the responsibility of the Leadership Council, the Infrastructure Team, and the team-repo-admins to finish the migration to implement this policy. New teams may need to be created, which is outside the scope of this RFC to define. # Drawbacks [drawbacks]: #drawbacks -This policy would add more structure to managing GitHub permissions for both the [Rust-Lang GitHub Organization](https://github.com/rust-lang) and all repositories within it. Some might find this structure slows them down and alters their current workflow. +There can be exceptional cases where a team wants to give repository access to an individual to assist with their work. Requiring them to join or create a team in order to perform that work can be a significant hassle. Teams who find they need this frequently should consider creating a "contributors" subteam for that purpose, or to investigate other tooling to assist with what they need. # Unresolved questions [unresolved-questions]: #unresolved-questions -- Should these rules applied to Rust-Lang affiliated repositories and organizations that are outside of the [Rust-Lang GitHub Org](https://www.github.com/rustlang)? -- Should we automate this process? -- How do we ensure that changes to the [Teams Repository](https://github.com/rust-lang/team) are reviewed and merged promptly? \ No newline at end of file +- Should these rules applied to Rust-Lang affiliated repositories and organizations that are outside of the [Rust-Lang GitHub Org](https://www.github.com/rust-lang), such as [rust-embedded](https://github.com/rust-embedded)? + +# Future possibilities + +- [Custom GitHub Roles](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles) could be created for use cases where the existing roles do not suffice. +- Extend tooling, such as [triagebot], to provide extended permissions that are not normally available (for example, it currently offers [labeling](https://forge.rust-lang.org/triagebot/labeling.html)). From a35f92ee3e54acbe7011b4a0d563b7442d7dba46 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Sat, 13 Apr 2024 10:42:13 -0700 Subject: [PATCH 11/11] org admin -> org owner Use correct GitHub terminology. Owner is an entity, admin is a role. Owners have admin permissions. --- text/2872-github-access-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/text/2872-github-access-policy.md b/text/2872-github-access-policy.md index 24f8c371671..1597c7affec 100644 --- a/text/2872-github-access-policy.md +++ b/text/2872-github-access-policy.md @@ -11,7 +11,7 @@ This RFC was written in consultation with the Governance Working Group and the I # Motivation [motivation]: #motivation -Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed either through the [rust-lang team database][db], or ad-hoc via the GitHub UI by the org administrators. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org, and provide transparency and clarity on how access is managed. +Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed either through the [rust-lang team database][db], or ad-hoc via the GitHub UI by the org owners. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org, and provide transparency and clarity on how access is managed. [db]: https://github.com/rust-lang/team/ @@ -42,7 +42,7 @@ GitHub provides several permission levels for access to a repository. Please ref Repositories in the Rust-Lang organization should follow these permission guidelines: -* **Admin** --- No users or teams except for org admins should have this permission level. +* **Admin** --- No users or teams except for org owners should have this permission level. * **Maintain** --- Teams may have this permission level at their discretion for repositories the team is responsible for. Repositories using the [bors] bot may want to consider using the *write* permission level instead in order to deactivate the "Merge" button on PRs to enforce that merges go through bors. * **Write** --- Teams that are responsible for a repository should have at least this permission level.