Opened 5 months ago
Closed 4 weeks ago
#3298 closed task (fixed)
Clean up list of GitHub OSGeo organization members with "owner" role
| Reported by: | neteler | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | Unplanned |
| Component: | SysAdmin | Keywords: | GitHub |
| Cc: |
Description (last modified by )
We have a surprisingly long list of OSGeo Github organization members with "owner" role. Some of them (seem to) have left OSGeo many years ago, hence it becomes a security issue:
https://github.com/orgs/OSGeo/people?query=role%3Aowner
Suggestion: cleanup up this list and selectively downgrade their role to e.g. member since "owners" could even delete the entire OSGeo organization.
Some observations:
- one member does not even have 2FA activated. -> no-go
- some members are out of OSGeo for even a decade? -> downgrade or remove
Question: who decides about who is "owner", the board? --> https://wiki.osgeo.org/wiki/Board_Meeting_2024-12-30
Change History (5)
comment:1 by , 5 months ago
comment:2 by , 5 months ago
I agree we need to review this list. Let's bring it up in the next board meeting, perhaps we need a policy.
comment:3 by , 2 months ago
| Description: | modified (diff) |
|---|---|
| Priority: | normal → critical |
| Summary: | Clean up list of OSGeo GitHub repo members with "owner" role → Clean up list of GitHub OSGeo organization members with "owner" role |
comment:5 by , 4 weeks ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
The number has been reduced to 20 members.
Note:
See TracTickets
for help on using tickets.
I'm unclear who decides on this. I would assume the board is as good as any or the owners of OSGeo github org.
At anyrate I can't see anyone arguing that people who haven't been involved in OSGeo for many years should be owners. I would go ahead and remove them, perhaps note on this ticket who is being removed so people if they are paying attention can ask to be put back.