choldgraf
commented
2 years ago ping @rowanc1 who was asking about access to the npm repository I believe
Open choldgraf opened 3 years ago
choldgraf
commented
2 years ago ping @rowanc1 who was asking about access to the npm repository I believe
rowanc1
commented
2 years ago Thanks! I think at the very least we should have a project-leader/admin on all npm packages (thebe, mystjs, markdown-it-..., unified-myst) that can help out with setting up new maintainers over time.
choldgraf
commented
2 years ago Yeah I agree, the process that we roughly tend to follow in JupyterHub is that:
I think the main point is that you assume that team members can be trusted, and that the risk of a team member doing something they shouldn't is smaller than the risk of having information silos and bottlenecks of permissions.
rowanc1
commented
2 years ago I have turned the above npm repos into a list, and followed the guidance above (at least two project members on each).
stevejpurves
commented
2 years ago @choldgraf I've added you as an admin to thebe-core on npm and github.
Regarding thebe, the only maintainer there on npm is @minrk I think
minrk
commented
2 years ago I added @choldgraf and @stevejpurves to thebe, LMK if there's anything else you need
choldgraf
commented
2 years ago Many thanks @minrk and @stevejpurves / @rowanc1 for doing a round of access-sharing. I just confirmed that a bunch of people have edit access to the EBP Google Drive folder as well.
I also noticed that we have the ebp-bot to centralize access for github and pypi. What do folks think about doing this for Read the Docs and NPM as well?
Here are some next actions for myself and @chrisjsewell:
can you please:
ebp-bot on PyPI (https://pypi.org/user/ebp-bot/) and GitHub (https://github.com/ebp-bot)I'll tackle these:
ebp-bot:
ebp-bot to have permissions on the PyPI projectsebp-bot to have permissions on the ReadTheDocs projectsI've also decided to create two new places for conversation for the project. Both of them are Google Groups. I've set both groups to be post-able by anybody on the internet. I think groups will be easier to provide access to many people instead of using an individual email like executablebooks@gmail.com. Here's a summary of each group:
executablebooks-conduct: Used for reporting Code of Conduct violations and requests. Anybody in the internet can send messages to this group, but it is only visible to group members. Currently, the group members are the Project PIs (myself, @gregcaporaso and @jstac ). It's important to have a Code of Conduct contact that makes it clear who monitors and responds to the address. And since we have not yet designated a Code of Conduct committee, I think this group should be the project PIs for now.
executablebooks-team: Used for private communication between team members. This should only be used to discuss topics that must be private. Anybody can post to this group, but only group members can see posts. Currently this is everybody listed on the team page here as well as @gregcaporaso .I'll open up a PR to document this once we figure out the access stuff for the bots etc above.
rowanc1
commented
2 years ago Thanks @chrisjsewell for adding the markdown-it- repos! I think the only ones left to add are the unified-myst (https://www.npmjs.com/search?q=unified-myst) team account. That is likely something that should be shared with @choldgraf as well as that is much easier to have team administration on.
choldgraf
commented
1 year ago ebp-bot for centralizing access?It occurs to me that one approach we could take here is to use ebp-bot for as much as possible as the "minimal accounts with access" requirement for all of our accounts. Then as long as the steering council always has admin access to the ebp-bot, we do not need to do a huge update every time there is churn. For example, we could use ebp-bot as the primary pusher to PyPI and the main account on all ReadTheDocs sites.
Just writing this thought down so I don't lose it. Curious what others think.
choldgraf
commented
1 year ago I added the accounts for our various web domains to the top comment, since that's another shared resource that we use. I've noted that @rowanc1 has manager access to the namecheap account as well, so that he can set up the e-mail for our new google workspace account.
There are a few accounts that are generic to the Executable Books project. In some cases these are controlled by a single person, in some cases we have a generic EBP username, etc. We should share access and control of these accounts, and make them person-agnostic as much as possible so that we don't create bottlenecks and low bus factors.
While we do not want to casually give out access to services that can potentially do destructive actions, we should generally follow a practice of de-bottlenecking and increasing our bus factor for critical actions like publishing. For individuals that wish to have access, and are already trusted members of the team, we should just give it out.
We should document the services that have restricted access, who has access to it, and share access with other team members that want it.
Our goal is to have at least two team members with admin access to every account here.
Organization and administration
executablebooks@gmail.com(@chrisjsewell, see: https://github.com/executablebooks/meta/discussions/412)executablebooks.organdmyst.toolsdomain names (@choldgraf)Google Groups
executablebooks-conduct: Used for reporting Code of Conduct violations and requests. Anybody in the internet can send messages to this group, but it is only visible to group members. Currently, the group members are the Project PIs (myself, @gregcaporaso and @jstac )executablebooks-team](https://groups.go ogle.com/g/executablebooks-team): Used for private communication between team members. This should only be used to discuss topics that must be private. Anybody can post to this group, but only group members can see posts. Currently this is everybody listed on the team page here as well as @gregcaporaso .Development
executablebooksorgBot accounts
ebp-botGitHub account (https://github.com/ebp-bot)Access across many repositories
PyPIaccounts (mostly a combination of @chrisjsewell and @choldgraf )npmaccounts (@chrisjsewell and @rowanc1)Social media
@executablebooks-> @choldgraf has manager access@myst_tools-> @mikemorrison has manager accessWeb domains
executablebooks.org-> NameCheap, @choldgraf has ownership + @rowanc1 has manager accessjupyterbook.org-> NameCheap, @choldgraf has ownershipmyst-tools.org-> google domains, @rowanc1 and @choldgraf has access.