Re: [Ietf-and-github] Rules regarding ownership of orgs

"Rob Wilton (rwilton)" <rwilton@cisco.com> Wed, 18 March 2020 17:11 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: "Salz, Rich" <rsalz@akamai.com>, Warren Kumari <warren@kumari.net>
CC: Eric Rescorla <ekr@rtfm.com>, "ietf-and-github@ietf.org," <ietf-and-github@ietf.org>, Martin Thomson <mt@lowentropy.net>
Date: Wed, 18 Mar 2020 17:11:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-and-github/OhMRYMolPXISOvKVVZtxPIjx5FI>


> -----Original Message-----
> From: Salz, Rich <rsalz@akamai.com>
> Sent: 18 March 2020 16:30
> To: Rob Wilton (rwilton) <rwilton@cisco.com>; Warren Kumari
> <warren@kumari.net>
> Cc: Eric Rescorla <ekr@rtfm.com>; ietf-and-github@ietf.org, <ietf-and-github@ietf.org>;
> Martin Thomson <mt@lowentropy.net>
> Subject: Re: [Ietf-and-github] Rules regarding ownership of orgs
> 
> >    Isn't that a split between organizational owner vs admins?
> 
> I could well be wrong here.  HOWEVER, it seems likely that the WG chair
> will be creating the organization, and therefore be an owner.  There's
> lots of room for customization and tweaks (GitHub bikeshedding?), and the
> draft doesn't suggest how to do *everything.*  Tools like Martin's, or my
> scripts, help codify things, but the WG chair still has, rightly so, a
> great deal of leverage to set up the GH organization as they see fit.
> Those things together indicate, to me, that they need to own the
> organization and repos within it.
[RW] 

git-github-wg-configuration-06 section 2.1 suggests that the WG chairs should be able to request creation of the GitHub organization from Datatracker.  I.e. the secretariat would end up either directly or indirectly creating the WG GitHub organization.

Conversely, an Ops WG recently created the GitHub org with the chairs as owners and also added me as owner, as the incoming responsible AD.  I'm absolutely fine with this, although once this doc is published, I will recommend that the Secretariat is also added as an owner.

> 
> >    What you are proposing seems to be a larger change, i.e. taking the ADs
> >    out of the loop altogether?
> 
> That wasn't my intent.  There are three potential groups to be owners: WG
> chair, AD, secretariat. I was only suggesting a minimum number and
> pointing out the pool of candidates to be owner.

I don't have a problem with WG chairs also being owners, but I don't see that it is required; they just have to be admins.

I do think that the responsible AD MUST be an owner, and if we are happy with the security aspects then having the Secretariat as another MUST is okay.  I don’t think that we want too many owners.  I've not checked, but I presume that an owner has permissions to add/remove other owners, so spreading ownership too wide doesn't really make sense to me, because it just seems to increase the attack surface of accounts that could be compromised and then cause havoc.

Regards,
Rob [No hats]


> 
> >    administration, but it will seem to be somewhat strange if the github
> >    organization hierarchy doesn’t somewhat match the IETF organizational
> >    hierarchy.
>