This proposal suggests removing admin privileges for repositories from teams and outside collaborators in order to enhance security and minimize the management overhead of the IOOS GitHub Organization. The proposal also includes considerations for defining IOOS Organization members and enforcing two-factor authentication.
IOOS GitHub Organization & Q/A DMAC Meeting 2017
IOOS GitHub Organization
• 47 Organization Members
• 9 Outside Collaborators
• 81 Repositories
• 18 Teams
• 6 Organization Owners
• 9 Members with 2FA
Current Privileges:
• Members cannot create new repos
• Default member repo permission: None
• Require two-factor authentication: No
Great, why is that all a problem?
• Organization members can:
  • create new teams
  • become team maintainer
• Teams or Members with Admin permissions to a repository can:
  • delete the repository
  • add or remove outside collaborators from a repository
  • transfer repositories into and out of the organization
  • add that repository to any team they belong to
  • change repository settings (webhooks, deploy keys, integrations, etc.)
• Team Maintainers can:
  • add organization members to a team
  • add repository access (Admin, R, W) to the team (if they have Admin access to the repository)
  • re-instate former organization members
  • promote an existing member to team maintainer
Safeguards currently in place
• Members cannot create new repositories
• Members do not have any default repository permissions
• Only Org Owners can invite new members to the organization
• Only Org Owners can grant the initial Admin permission for a Member or Team on a repository (but anyone who already holds Admin on that repository can pass it on to others)
• …
What are the risks?
• Repository Admin privileges assigned to any Teams and Outside Collaborators mean:
  • Any of these are able to delete our repositories
  • Any of these can add additional outside collaborators to a repository and give them Admin privileges to that repo (then, see previous bullet)
  • Any of these can modify repository settings to enable third-party integrations, webhooks, or deploy keys; these are attached to the repository rather than to the person who created them, so they keep working after that person's access is removed and can circumvent role-based access controls at any time thereafter
• We need to keep in mind the possibility of a change in our ability to use GitHub
Path forward for managing IOOS GitHub
• Question: how can we keep the IOOS GitHub Organization secure while minimizing the overhead to manage it and still allowing contributors to contribute?
Proposal
• Remove Admin privileges to repositories from all teams/outside collaborators
What this means:
• Repository Admin privileges are restricted to IOOS Organization Owners only
• Allow teams to grow/manage themselves freely within the organization (but without Admin rights)
• Organization Owners would be needed to assign repository access to teams or outside collaborators, as well as manage all individual repository settings (integrations, deploy keys, etc.)
• This is the only way to ensure that the power to delete repositories is held only by Owners, and cannot grow as members are added to teams with Admin privileges to repositories
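Before the proposal can be applied, someone has to find every team and outside collaborator that currently holds Admin on one of the 81 repositories. The following audit script is an added example and is not part of the original slides or of any IOOS tooling. The check itself runs on data shaped like the GitHub REST API responses for GET /repos/{owner}/{repo}/teams (team objects carrying a "permission" string) and GET /repos/{owner}/{repo}/collaborators?affiliation=outside (user objects carrying a "permissions" map), so it can be exercised offline on the constructed sample below; only the optional fetcher at the bottom talks to api.github.com, and the organization, repository, team and user names in the sample are hypothetical.

```python
"""Audit a GitHub organization for repository Admin grants held by teams or
outside collaborators, i.e. the grants the proposal wants removed.

Added example (not from the original slides). The core check works on plain
dicts shaped like the GitHub v3 REST API responses; SAMPLE_ORG is constructed
data with hypothetical names so the script runs offline.
"""
import json
import os
import urllib.request

API = "https://api.github.com"


def admin_grants(repo_name, teams, outside_collaborators):
    """Return (repo, grantee_kind, grantee, permission) tuples for every team
    or outside collaborator holding Admin on repo_name."""
    findings = []
    for team in teams:
        # Team objects from /repos/{owner}/{repo}/teams carry the permission
        # as a string: "pull", "push" or "admin".
        if team.get("permission") == "admin":
            findings.append((repo_name, "team", team["slug"], "admin"))
    for user in outside_collaborators:
        # Collaborator objects carry a "permissions" map of booleans.
        if user.get("permissions", {}).get("admin"):
            findings.append((repo_name, "outside_collaborator",
                             user["login"], "admin"))
    return findings


def audit(org_data):
    """org_data: {repo_name: {"teams": [...], "outside": [...]}}.
    Repositories are visited in sorted order so the report is stable."""
    findings = []
    for repo, access in sorted(org_data.items()):
        findings.extend(admin_grants(repo, access["teams"], access["outside"]))
    return findings


# Constructed sample resembling API output; all names are hypothetical.
SAMPLE_ORG = {
    "catalog": {
        "teams": [{"slug": "catalog-devs", "permission": "admin"},
                  {"slug": "reviewers", "permission": "pull"}],
        "outside": [{"login": "contractor-a",
                     "permissions": {"admin": False, "push": True, "pull": True}}],
    },
    "compliance-checker": {
        "teams": [{"slug": "checker-devs", "permission": "push"}],
        "outside": [{"login": "contractor-b",
                     "permissions": {"admin": True, "push": True, "pull": True}}],
    },
}


def _get(url, token):
    """Authenticated GET against the GitHub REST API, decoded as JSON."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"token {token}",
        "Accept": "application/vnd.github.v3+json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_org(org, token):
    """Collect the same structure as SAMPLE_ORG from the live API.
    Pagination is omitted; past 100 repos (or teams/collaborators on one
    repo) the Link header must be followed to see every page."""
    data = {}
    for repo in _get(f"{API}/orgs/{org}/repos?per_page=100", token):
        name = repo["name"]
        data[name] = {
            "teams": _get(f"{API}/repos/{org}/{name}/teams?per_page=100", token),
            "outside": _get(f"{API}/repos/{org}/{name}/collaborators"
                            f"?affiliation=outside&per_page=100", token),
        }
    return data


if __name__ == "__main__":
    # Run against the live API only when both variables are set (the token
    # needs repo and read:org scope); otherwise report on the sample.
    token = os.environ.get("GITHUB_TOKEN")
    org = os.environ.get("GITHUB_ORG")
    data = fetch_org(org, token) if token and org else SAMPLE_ORG
    for repo, kind, who, perm in audit(data):
        print(f"{repo}: {kind} {who} has {perm}")
```

On the sample the report flags the catalog-devs team on catalog and contractor-b on compliance-checker, which is exactly the set an Owner would downgrade to Write under the proposal. Re-running the audit on a schedule catches grants that reappear later, since anyone who still holds Admin on a repository can re-grant it to a team or collaborator without an Owner being involved.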
Other Considerations
• Decide on the definition of an IOOS Organization 'Member' on GitHub: any thoughts?
• Any existing members who don't fit the definition must be moved to outside collaborator, or have commit privileges removed so they must follow the GitHub PR workflow
• Two-factor authentication enforcement? (Note: when the requirement is switched on, GitHub removes any members and outside collaborators who have not yet enabled 2FA, so with 9 of 47 members enrolled today this would need advance notice.)
DMAC Webinar Topics
• What topics would you like to hear about, and how should we collect ideas?
• Benefits or success stories from certifications?
• Stories of RAs diversifying their data management funding from other agencies?
• Topic ideas: email micah.wengren@noaa.gov
DMAC Meeting Feedback
• Thoughts?
• 3-day DMAC meeting pros/cons?
• …
GitHub Teams Reference:
• Team permissions: https://help.github.com/articles/permission-levels-for-an-organization/
• Repository permissions: https://help.github.com/articles/repository-permission-levels-for-an-organization/
• Team maintainer repo permissions: https://help.github.com/articles/managing-team-access-to-an-organization-repository/