policy: add github org membership section #171

Merged: 1 commit merged on Jun 29, 2023
6 changes: 6 additions & 0 deletions policies/access.md
Expand Up @@ -27,6 +27,12 @@ Note: this list is intentionally not exhaustive.
This is the parent team for projects. Every project (e.g. scorecard, AO) should have a subteam contained within this one.
Teams for individual repositories go under here, which start with `repo-`, but team names may otherwise be unconstrained.

## GitHub Org Membership

Membership in the GitHub org should be freely given - it inherently confers no permissions or privileges, only a badge on the user's profile if they enable it - and it _does_ allow for easier team management. Someone should only be removed from the org in extreme circumstances where their association with OpenSSF would be problematic, and people should be encouraged to remain in the org in perpetuity.

Individuals are free to choose to be a member of the org or not, but membership is required to be on GitHub teams, which grants privileged access to repositories.

## Principle of Least Privilege

Permission levels should be as high as they need to be, and no higher.
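
Review bot: The added "GitHub Org Membership" section contradicts itself on privilege: the first paragraph says membership "inherently confers no permissions or privileges", while the second says membership is required for GitHub teams that grant privileged repository access. The first claim also only holds if the org's base permission for members is set to none, which this text does not state. Suggest wording it as "confers no repository access on its own" and naming the base permission setting the policy relies on. Since members are "encouraged to remain in the org in perpetuity", it would also help to say explicitly that team membership, not org membership, is what gets reviewed and trimmed under the Principle of Least Privilege section that follows. Minor: "which grants" should be "which grant", since the subject is "teams".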