GitHub org owner discussion

[Janik-Haag]

On the 05.02 I asked in the Nix Platform Governance matrix room if we should drop @rbvermaa from the github org owners because they are inactive for a few years and also aren't responding to nixpkgs#88867. There was mostly feedback pro dropping and considering giving back the permissions if they get more active again. @RaitoBezarius said:

I asked again during infrastructure catchup regarding this topic, notably in the context of asking myself to become a GitHub org owner @zimbatm is thinking about my proposal, and I suppose that involves thinking about this particular problem you mentioned too

[rbvermaa]

On the 05.02 I asked in the Nix Platform Governance matrix room if we should drop @rbvermaa from the github org owners because they are inactive for a few years and also aren't responding to nixpkgs#88867. There was mostly feedback pro dropping and considering giving back the permissions if they get more active again. @RaitoBezarius said:

I asked again during infrastructure catchup regarding this topic, notably in the context of asking myself to become a GitHub org owner

@zimbatm is thinking about my proposal, and I suppose that involves thinking about this particular problem you mentioned too

Feel free to remove, access can be restored if/when needed. Cheers, Rob

[zimbatm]

Indeed, Rob, you're welcome back anytime!

I updated the list, and here are the current members:

Ideally, we would deploy something like https://github.com/NixOS/nixos-org-configurations/issues/310 to make these things transparent.

@RaitoBezarius if you could describe the use-cases where you thought "I wish I had owner access", that would be super helpful

[RaitoBezarius]

@zimbatm I have multiple plans:

Firstly, I'd like to unblock the process of creating projects in nixos/nixpkgs and making them public, this is blocked on having an org owner (and I pinged you multiple times to unblock me on that), this works if someone has a quick and easy access to an org owner, but this also creates the situation that people just stop doing that and we have increased fragmentation of where is information being tracked on a certain large scale change. I'm usually (very) active in daily operations of nixpkgs compared to the current organization owners.

Secondly, among the current list, beyond you and Domen sometimes, I don't think I have seen any activity anymore from others w.r.t. to org owner operations. It would be nice if we can have their perspective on their org owner roles.

Thirdly, I would like to review all the options and knobs we have as a large GitHub organization and see what are the areas of improvements, see https://docs.github.com/en/organizations for the full documentation. I mentioned multiple times that it would be good to exploit custom organization roles or custom repository roles, but I think no one was able to take a look at it, understandably, this is much easier when you have the actual entity in front of your eyes for review and see what is feasible and what is not.

In general, you mentioned personal security last time, I would like as an observer to ensure that everyone is using 2FA or perform a rollout of mandatory 2FA to all org owners (is it already the case maybe?), I would like to look and ensure that we have ways to mirror GitHub whole metadata of our organization, if we need it someday. There's a lot of valuable information about the teams, etc.

Also, I hope to be able to perform various cleaning up tasks of the current teams (with the approval of their members, of course) structure and facilitate the emergence of new teams and strengthen the automation between nixpkgs and this system (because we have two systems right now).

That's all, I have off the top of my head, I may have other plans which I would share as they happen to come by. :)

[zimbatm]

Thanks :+1: I remember having the same sentiments where I just wanted to get things done and was blocked by the owners, so I can empathise with wanting to get that freedom. There are too many places in the NixOS project where momentum gets killed because people are not empowered or there is no clear guideline on how to get things done or the guideline is too process-heavy (eg: RFC).

At the same time, giving you access won't address the lack of processes, it's just perpetuating the same issue but onto you. Are we able to reduce the list of org owners to a bot account (held by the NixOS Foundation), and then automate the hell out of the rest? It doesn't need to be a blocker, but I would love to work on this with you.

Quickly on the rest:

• 2FA is enforced org-wide
• Roles are only available to Enterprise plans. Maybe you or @refroni can help us there?
• +100 on having 1:1 mappings between nixpkgs teams and GitHub.

[RaitoBezarius]

At the same time, giving you access won't address the lack of processes, it's just perpetuating the same issue but onto you. Are we able to reduce the list of org owners to a bot account (held by the NixOS Foundation), and then automate the hell out of the rest? It doesn't need to be a blocker, but I would love to work on this with you.

No problem to work on that, but I don't see that mutually exclusive with giving access to someone active right now and working on this. If anything, this would make my work easier to automate things and decrease the reliance on org owners.

But without it, I fear this is like the Hydra replica stuff where I spent some time on the remote signing work (and Cole too) and we are now blocked on lift to staging mostly and having proper accesses to do things.

Hence, I am happy to work on reducing the reliance on org owner and automating as much as possible realistically, but also, I would still like to have the access for the time being as we move through this.

Otherwise, I am happy with a clear no, too.

[refroni]

Jumping in on the comment from @RaitoBezarius

review all the options and knobs we have as a large GitHub organization and see what are the areas of improvements

and @zimbatm

Roles are only available to Enterprise plans. Maybe you or @refroni can help us there?

Would a sync with the Github team be a good next step to understand what's available and see if there are certain items we can explore? I'm sure they'd also have additional wisdom to bring in from interactions with other large organizations.

[RaitoBezarius]

Jumping in on the comment from @RaitoBezarius

review all the options and knobs we have as a large GitHub organization and see what are the areas of improvements

and @zimbatm

Roles are only available to Enterprise plans. Maybe you or @refroni can help us there?

Would a sync with the Github team be a good next step to understand what's available and see if there are certain items we can explore? I'm sure they'd also have additional wisdom to bring in from interactions with other large organizations.

Yes, for sure, available when needed for this. :)

[zimbatm]

For transparency, I also removed @grahamc while working on something on the NixOS/org project today and saw your name. At the moment, I thought you wouldn't mind since you weren't active in the project for a long time. And since you're so busy and slow to reply to notifications, it seemed easier just to remove you than to add more noise. But if you read this, I hope you don't mind.

[grahamc]

Thanks! Good idea.

On Fri, Apr 26, 2024, at 7:16 PM, Jonas Chevalier wrote:

For transparency, I also removed @grahamc https://github.com/grahamc while working on something on the NixOS/org project today and saw your name. At the moment, I thought you wouldn't mind since you weren't active in the project for a long time. And since you're so busy and slow to reply to notifications, it seemed easier just to remove you than to add more noise. But if you read this, I hope you don't mind.

— Reply to this email directly, view it on GitHub https://github.com/NixOS/foundation/issues/122#issuecomment-2080223909, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAASXLGHIS6KEYBKZFGNEK3Y7LN3FAVCNFSM6AAAAABDBZR4S6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBQGIZDGOJQHE. You are receiving this because you were mentioned.Message ID: @.***>