Clean up list of GitHub OSGeo organization members with "owner" role

[neteler]

We have a surprisingly long list of OSGeo Github organization members with "owner" role. Some of them (seem to) have left OSGeo many years ago, hence it becomes a security issue:

​https://github.com/orgs/OSGeo/people?query=role%3Aowner

Suggestion: cleanup up this list and selectively downgrade their role to e.g. member since "owners" could even delete the entire OSGeo organization.

Some observations:

• one member does not even have 2FA activated. -> no-go
• some members are out of OSGeo for even a decade? -> downgrade or remove

Question: who decides about who is "owner", the board? --> ​https://wiki.osgeo.org/wiki/Board_Meeting_2024-12-30

[robe]

I'm unclear who decides on this. I would assume the board is as good as any or the owners of OSGeo github org.

At anyrate I can't see anyone arguing that people who haven't been involved in OSGeo for many years should be owners. I would go ahead and remove them, perhaps note on this ticket who is being removed so people if they are paying attention can ask to be put back.

[kalxas]

I agree we need to review this list. Let's bring it up in the next board meeting, perhaps we need a policy.

[neteler]

Discussed at board meeting 2024-12-30:

• ​https://wiki.osgeo.org/wiki/Board_Meeting_2024-12-30#Reduce_number_of_members_with_.22owner.22_role_in_OSGeo_GitHub_organization

[neteler]

The number has been reduced to 20 members.

[wenzeslaus]

Any idea if a policy has been created?

The board meeting minutes say:

ACTION: All to review the list and make a policy draft

And the following meeting minutes say:

Number of owners has already been reduced. Issue fixed.

I didn't find further mentions of this in the following meetings.

Even without a policy, I must say I'm glad to see the immediate situation resolved.