From c3e08aab5a6df4d0c96f085d38c6ea573ffb87f7 Mon Sep 17 00:00:00 2001 From: Jordan Harband Date: Tue, 23 May 2023 11:41:50 -0700 Subject: [PATCH] policy: add github org membership section Signed-off-by: Jordan Harband --- policies/access.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/policies/access.md b/policies/access.md index b8ecdad8..39d18fe8 100644 --- a/policies/access.md +++ b/policies/access.md @@ -27,6 +27,12 @@ Note: this list is intentionally not exhaustive. This is the parent team for projects. Every project (e.g. scorecard, AO) should have a subteam contained within this one. Teams for individual repositories go under here, which start with `repo-`, but team names may otherwise be unconstrained. +## GitHub Org Membership + + Membership in the GitHub org should be freely given - it inherently confers no permissions or privileges, only a badge on the user's profile if they enable it - and it _does_ allow for easier team management. Someone should only be removed from the org in extreme circumstances where their association with OpenSSF would be problematic, and people should be encouraged to remain in the org in perpetuity. + + Individuals who choose not to be a member of the org will be unable to retain access to repositories due to being ineligible to being on GitHub teams. + ## Principle of Least Privilege Permission levels should be as high as they need to be, and no higher.
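Review bot: In the first added paragraph under "GitHub Org Membership", the claim that membership "inherently confers no permissions or privileges" is only true when the organization's base permission for members is set to none; GitHub otherwise grants the configured base permission on the org's repositories to every member. Suggest naming that setting as a precondition in this paragraph, since the "Principle of Least Privilege" section that follows depends on it. The same paragraph says removal happens only "in extreme circumstances" but does not say who makes that decision; a short pointer to the responsible group would close the gap. In the second added paragraph, "ineligible to being on GitHub teams" should read "ineligible to be on GitHub teams".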