Code Monkey home page Code Monkey logo

Comments (5)

tmilewski avatar tmilewski commented on May 27, 2024 1

One thing we need to keep in mind when transferring repositories over to the omniauth organization is that we'll also require access to cut new gems.

from omniauth-org.

md5 avatar md5 commented on May 27, 2024

Here's what I think moving a gem into the organization should look like:

  1. Create a new team in the organization for the gem maintainers
  2. Add all maintainers to the team
  3. Request that the maintainers add an Omniauth organization owner as an Outside Collaborator with Admin privileges
  4. Owner transfers the repository to @omniauth
  5. Owner grants the new team Admin access to the transferred repository

It's possible that there may be cases where we want an "admin" team that is separate from the "write" team for a particular gem or set of gems. It's also possible that step 3 and 5 may be unnecessary since we allow members to create new repositories. I believe that allows them to assign privileges to teams they are part of.

from omniauth-org.

md5 avatar md5 commented on May 27, 2024

@tmilewski I think the discussion of whether anyone needs to grant access to deploy gems is separate. I don't see the purpose of this organization as being centralized management of all things Omniauth, but rather an umbrella that makes it easier to find Omniauth-related gems.

from omniauth-org.

tmilewski avatar tmilewski commented on May 27, 2024

@md5 [Happy to move this to another thread, if need be.]

I completely agree that the organization's goal shouldn't be around centralized management.

I only mentioned that due to the fact that I think we've all seen a number of OA gems go unmaintained for some time. Heck, some were sitting on major security issues for years.

I feel that having the ability to update access, enabling (new) maintainers to cut gems, is important. Limiting that to the maintainers listed each respective team sounds good to me so long as it's two or more.

This all comes from personal experience wherein one sole person had access to cut OA gems and was 100% MIA. I simply couldn't get a hold of said person despite attempting to contact them via multiple mediums.

from omniauth-org.

andrewshadura avatar andrewshadura commented on May 27, 2024

Hi,
I just wanted to bring to your attention:

I think OpenID Connect is important enough to have it under the maintenance of the organisation and not an individual.

from omniauth-org.

Related Issues (4)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.