whakkee
commented
11 years ago I agree, but if I click on that link, I get a 404 ;-)
Open ElDragonRojo opened 11 years ago
whakkee
commented
11 years ago I agree, but if I click on that link, I get a 404 ;-)
ElDragonRojo
commented
11 years ago Interesting. Thanks for testing that. I had a feeling that would happen, because you're not on the Owner's Team.
matteom
commented
11 years ago Yes, I think that this should be handled by different teams. It prevents not only malice, but also human error.
We are currently adding everyone we want to have repository access to the Owners Team, but we might be better off using a different team for that purpose, and limiting the Owners Team to the literal owners, i.e. the board members.
Here's why: according to the Owners Team page itself:
For many things, that's fine. That's what we intended. But we need to keep that in mind, and consider if granting some limited set of rights, and only on specific repositories, isn't a better strategy.
This line is what tells me we should limit the Owners Team to literal owners, because this team touches the finances.
Maybe at this point worrying about permissions seems like overkill, but I think it's a good opportunity to learn to use these tools as provided, because they will make us better prepared for whatever happens in the future—and probably forestall problems against which they were designed.