The NixOS GitHub enterprise and all (non-test) GitHub organisations part of it have the same set of people with the owners permission, comprised of the following team representatives:
- Foundation Board representative1: @infinisil
- Steering Committee representative2: @PhilipTaron
- Security Team representative3: @mweinelt
- Nixpkgs Core Team representative3: @emilazy
The number of org owners should be kept low to improve our security posture, while having team representatives improves the health of org owner decision-making by naturally ensuring a "two-person decisions require sign-off from multiple teams" property.
For any GitHub-related needs, you can reach out to the org owners by either:
- Pinging @NixOS/org
- Creating an issue in this repository.
- Messaging in the Github org owners help desk Matrix room.
This team's role is to manage and unblock users of the NixOS GitHub organization. They have autonomy to handle small day-to-day tasks and the expectation they will escalate bigger decisions to the Steering Committee.
All org owners can individually take care of implementing:
- Decisions by bodies that have the authority to make GitHub org changes such as:
- Arbitrary decisions by the Steering Committee.
- Moderation decisions by the moderation team.
- Changes from approved RFCs.
- Low-impact changes, such as:
- Adding new org members to allow review requests.
- Creating new unprivileged Nixpkgs teams for mention.
- Updating repository meta information.
- Changes requested by a repository admin that have no impact outside their repository.
Org owners need approval from at least one other org owner to take care of implementing higher-impact changes that are not controversial, such as:
- Administering unmaintained repos, such as by:
- Performing maintenance.
- Giving commit access to trusted people that offer maintenance.
- Archiving if appropriate.
- Making changes necessary to unblock automation.
- Making changes to the structure and CI of the org repository.
- Authoring content updates to the GitHub organisation documentation.
Org owners do not have authority to make other changes.
- Ensure all org owners exclusively use secure two-factor authentication4.
- Receive and process requests.
- We expect org owners to be subscribed to the NixOS/org repo.
- Each request should land in at least 2 org owners inboxes of some kind.
- Ensure that all non-trivial and non-sensitive org owner actions are publicly logged in either of the above channels.
- Escalate requests outside the given authority to the Steering Committee.
- Maintain the GitHub organisation documentation.
- Act as janitor for this repository.
- Add GitHub Enterprise licenses when running out of them
- At any time, a team can withdraw its representative per its own decision procedures. The Steering Committee can also vote to remove a representative.
- If a represented team's seat is vacant or expected to become vacant, it can nominate a replacement per its own decision procedures. The Steering Committee then votes on approving the replacement representative.
- The Steering Committee remains the final authority and can vote to amend org owner procedures at any time. Concerns about trustworthiness, activity, or procedures can be raised through the usual channels.