-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pilot reduced write permissions for edX teams #20
Comments
@jristau1984 will be talking to Sarina. |
The pilot is currently on hold until the summer. What should we be doing before then to make it a success? |
The current proposal: https://docs.google.com/document/d/1Ev0uelTvUozQBjq1BWob8Kki4QOg37z-ZWe2u_8ZxV0/edit |
We've already had reduced access to some repos due to SOX compliance. Do we need to do more for this? |
What repos had their access reduced? it's probably worth at least
enumerating them here before we close this out.
Thanks,
Jeremy Ristau
Engineering Manager - edX/2U
…On Tue, Jan 24, 2023 at 11:52 AM Ned Batchelder ***@***.***> wrote:
We've already had reduced access to some repos due to SOX compliance. Do
we need to do more for this?
—
Reply to this email directly, view it on GitHub
<#20 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACZ5NHVSARB5Q64NB2HYQTTWUACGDANCNFSM5PEVIX5A>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
These are the payments repos, which afaik are not highly used anyway. I'd expect a pilot program to not only reduce access, but to do surveys and assess impact, and then also assess if the pilot needs to be expanded if not enough data are collected. Oh, and determine next steps & make tickets, if applicable. |
So far we've seen no issues with the few repos we've done this with, so maybe we don't need a formal pilot? |
FWIW the frontend-app-library-authoring and frontend-lib-content-components repos both have restricted access set up, and we have successfully fielded one 2U change request already with no issues (other than initial confusion, with a subsequent sharing of the new approach). |
Instead of a pilot, I guess this is now something like, work with Axim on which repo should be next for limited access. |
Also: #116 |
Here's a roll-up of the squads and their repos: teams.yml: https://gist.github.com/nedbat/1bb9866d38cd67405109f76cd4b695d3 This doesn't take some things into account:
|
Axim would like to give teams permissions to the repos they need, rather than granting all edX engineers write access to all repos.
A pilot would find a team that could most easily accept reduced permissions, and try it out.
The text was updated successfully, but these errors were encountered: