Skip to content

Latest commit

 

History

History
66 lines (53 loc) · 4.64 KB

File metadata and controls

66 lines (53 loc) · 4.64 KB

GitHub enterprise and org owners

The NixOS GitHub enterprise and all (non-test) GitHub organisations part of it have the same set of people with the owners permission, comprised of the following team representatives:

The number of org owners should be kept low to improve our security posture, while having team representatives improves the health of org owner decision-making by naturally ensuring a "two-person decisions require sign-off from multiple teams" property.

How to contact the team

For any GitHub-related needs, you can reach out to the org owners by either:

Authority and processes

This team's role is to manage and unblock users of the NixOS GitHub organization. They have autonomy to handle small day-to-day tasks and the expectation they will escalate bigger decisions to the Steering Committee.

All org owners can individually take care of implementing:

  • Decisions by bodies that have the authority to make GitHub org changes such as:
    • Arbitrary decisions by the Steering Committee.
    • Moderation decisions by the moderation team.
    • Changes from approved RFCs.
  • Low-impact changes, such as:
    • Adding new org members to allow review requests.
    • Creating new unprivileged Nixpkgs teams for mention.
    • Updating repository meta information.
  • Changes requested by a repository admin that have no impact outside their repository.

Org owners need approval from at least one other org owner to take care of implementing higher-impact changes that are not controversial, such as:

  • Administering unmaintained repos, such as by:
    • Performing maintenance.
    • Giving commit access to trusted people that offer maintenance.
    • Archiving if appropriate.
  • Making changes necessary to unblock automation.
  • Making changes to the structure and CI of the org repository.
  • Authoring content updates to the GitHub organisation documentation.

Org owners do not have authority to make other changes.

Responsibilities

Team Representatives Rotation

  • At any time, a team can withdraw its representative per its own decision procedures. The Steering Committee can also vote to remove a representative.
  • If a represented team's seat is vacant or expected to become vacant, it can nominate a replacement per its own decision procedures. The Steering Committee then votes on approving the replacement representative.
  • The Steering Committee remains the final authority and can vote to amend org owner procedures at any time. Concerns about trustworthiness, activity, or procedures can be raised through the usual channels.

Footnotes

  1. For legal/financial matters

  2. For elected governance

  3. For relevant expertise 2

  4. "Secure two-factor methods are passkeys, security keys, authenticator apps, and the GitHub mobile app"