Nominate @spetrosi for foreman-documentation

Hi all,

@spetrosi has been assisting me by submitting PRs and also doing doc reviews. However, he does not have permissions to merge PRs that I raise and he reviews.

Could he please get the required permissions to help further?

Thanks,

Melanie

2 Likes

I’ve made you a maintainer of the documentation team so you can add new members as needed.

2 Likes

Thank you!

Thanks Tomer, problem is we can only add members of theforeman github organization.

I think this would be overkill, we have strict requirements (e.g. 2FA) therefore we added Sergei as a simple collaborator for the foreman-documentation github repository. I made Mel a repo administrator as well so she can add members as needed.

We require 2FA from anyone who can commit to any of the foreman organization repos to reduce possibility of a hacked github account compromising any of our repos’ content. I run an automated check every few months to make sure that is maintained. If needed adding people to the organization is easy and doesn’t grant any privillage other than automatically triggering CI runs. Anyone with commit access should enable 2FA (image someone commits some crypto miner or back door into the documentation repo using a hacked github account).

1 Like

Another reason we add people to the organization is that in Github we can check if it’s reasonable to trust their code before running tests. These policies are in place for security reasons. You are a repo administrator and we expect repo admins to uphold our security. There are various examples of major open source projects that were compromised where 2FA could have prevented it. Documentation is no exception because users often copy-paste examples to shells with root access.

1 Like

If the intention was to allow Mel or me to add to Documentation team, then teach me how to do that:

The point is, I am not allowed to invite/add people to the org. Therefore it looks like nomination is the right process to do.

I can confirm that @spetrosi has enabled 2FA.

Had no idea we have such tools/processes bound to GH org. Then let’s use the group for sure.

I think only org admins can add users to the org, feel free to ping @ekohl @ehelms or myself if needed.

We usually invite people to the organization after they have had two merged PRs, but we don’t have any tooling to automatically do it so please let us know if you notice someone who should become a member.

Ok let’s stick with nomination process then. I was asking because you appeared to tell Mel she can add people as needed. That’s not the case then and that’s fine. Thanks!

Mel, next time simply add few links to previous work of the nominee - reviews or PRs with work are the best.

1 Like