
Reduce filecoin-project org ownership #47

Open
4 of 6 tasks
BigLep opened this issue Jul 20, 2024 · 6 comments

Comments

@BigLep
Member

BigLep commented Jul 20, 2024

Done Criteria

  1. Reduce org ownership to only a couple of people since "org owners" have the ability to impact the github org as a whole and every repo in the org (docs). This includes destructive one-way operations like repo deletion. These people should:
    1. be active in the filecoin-project org because they are more likely to make informed decisions and
    2. collectively represent multiple independent companies/teams.
  2. Review/reduce who has push access to github-mgmt in the org, as that is an escalation path to "org ownership" as well. This translates to looking at the "github-mgmt stewards" team, since that team has push access to github-mgmt. This group should be:
    1. still small (5-8)
    2. active in the org because they are more likely to make informed decisions
    3. representative of multiple independent companies/teams
  3. Give the "github-mgmt Stewards" team "moderator" and "security manager" roles.
  4. There should be comments above each username that has "org owner like" permissions providing a justification.

Why Important

This is the lowest-hanging fruit to protect the filecoin-project org around overly generous permissions. We're obviously not seeking to restrict access to code itself, and this isn't about checking some box for "good OpSec". Some reasons we care about the OpSec here include:

  1. We want to reduce malicious actors' ability to introduce vulnerabilities/bugs when they compromise a member's account.
  2. We want to reduce the possibility that someone's account could be compromised and then destructive actions are taken like deleting repos.

Communication Channels

This issue and the connected PRs are intended to be the main communication channels.

Background

The filecoin-project org has accumulated a lot of permissions over the years. This was somewhat acceptable/mitigated in the past by Protocol Labs Inc being a single company. As Protocol Labs Inc moves to an innovation network of companies (related blog) and projects like Filecoin having more and more independent teams, we're overdue on cleaning up permissions and reevaluating past assumptions.

Notes

  1. I don't think giving moderator and security operator roles to a team can be done through github-mgmt itself. For example, I don't see any useful docs when searching Terraform's docs. It would need to be a one-time action through the GitHub UI rather than through github-mgmt.
  2. For reference, a similar campaign was done in IPFS earlier in 2024 per [Tracking Issue] "Interplanetary Stack" Github permissions cleanup 2024Q1 ipfs/ipfs#511
  3. I went through all permissions listed in github org role docs and then listed how I think they could/should be handled (see the collapsed table at the bottom of [Tracking Issue] "Interplanetary Stack" Github permissions cleanup 2024Q1 ipfs/ipfs#511 (comment)).

Tasks

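As an added example (not code from this issue or from github-mgmt), a small Python audit that checks a constructed org snapshot against the Done Criteria above: owner count, steward team size, company diversity, recent activity, and a justification comment for every owner-like account. All logins and companies are hypothetical.

```python
"""Audit owner-like GitHub org permissions against this issue's criteria."""
from dataclasses import dataclass


@dataclass
class Account:
    login: str
    company: str              # employer/team, for the "multiple independent companies" check
    active: bool              # recently active in the org (e.g. visible in the audit log)
    justification: str = ""   # the comment that should sit above the username in github-mgmt


# Constructed sample snapshot (hypothetical logins, not the real filecoin-project roster).
# In practice the owner logins would come from GET /orgs/{org}/members?role=admin and
# the steward roster from GET /orgs/{org}/teams/{team_slug}/members.
OWNERS = [
    Account("alice", "company-a", True, "long-time org admin, runs github-mgmt"),
    Account("bob", "company-b", True, "backup owner from an independent company"),
    Account("carol", "company-a", False),
]
STEWARDS = [
    Account("dave", "company-a", True, "maintains CI across FilOz repos"),
    Account("erin", "company-a", True, "reviews github-mgmt PRs"),
    Account("frank", "company-a", True, "reviews github-mgmt PRs"),
    Account("grace", "company-a", True, "on-call for org permission requests"),
]


def audit(owners, stewards, max_owners=2, steward_range=(5, 8)):
    """Return a list of findings; an empty list means the criteria are met."""
    findings = []
    if len(owners) > max_owners:
        findings.append(f"{len(owners)} org owners; target is at most {max_owners}")
    lo, hi = steward_range
    if not lo <= len(stewards) <= hi:
        findings.append(f"{len(stewards)} github-mgmt stewards; target is {lo}-{hi}")
    for role, accounts in (("owner", owners), ("steward", stewards)):
        companies = {a.company for a in accounts}
        if len(companies) < 2:
            findings.append(f"all {role}s belong to {', '.join(sorted(companies))}; need multiple independent companies")
        for a in accounts:
            if not a.active:
                findings.append(f"{a.login}: inactive {role}, candidate for demotion to member")
            if not a.justification:
                findings.append(f"{a.login}: {role} without a justification comment")
    return findings


if __name__ == "__main__":
    for finding in audit(OWNERS, STEWARDS):
        print("-", finding)
```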
@BigLep
Member Author

BigLep commented Jul 20, 2024

While this captures my current thinking, I don't expect to take any action until this repo is made public per #45

BigLep added a commit that referenced this issue Aug 2, 2024
Also started documenting why the current set of members are there.

This is being done now because there have been various permissions/access issues of late as part of cleaning up repos that FilOz owns/maintains (e.g., improving CI, updating dependencies, adding dependabot).
This set of members will also get reviewed and improved as part of #47
BigLep added a commit that referenced this issue Aug 6, 2024
* Add rvagg as a member to "github-mgmt stewards"
Also started documenting why the current set of members are there.

This is being done now because there have been various permissions/access issues of late as part of cleaning up repos that FilOz owns/maintains (e.g., improving CI, updating dependencies, adding dependabot).
This set of members will also get reviewed and improved as part of #47

* Moved galargh and jennijuju to be maintainers given org ownership

* fix@10256317436 [skip fix]

---------

Co-authored-by: filecoin-project-mgmt-read-write[bot] <124318806+filecoin-project-mgmt-read-write[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@momack2

momack2 commented Aug 22, 2024

I'm supportive of reducing org owners and also project admins - especially folks not actively involved in the day-to-day project today.

I'd propose moving these folks from "admin" to "member"
- anorth
- jbenet
- mishmosh
- protocolin

Would also propose moving these folks to security mgr + moderator
- arden-sead
- dr-bizz
- filecoin-helper
- galargh
- jmac-sead
- laurentsenta

Also, who is dr-bizz and do they need to be an admin?

cc @smagdali @jennijuju for feedback.

@smagdali
Member

Can confirm that @dr-bizz is Daniel Bisgrove from SEAD (but I had to go check on Slack).

Approve of this effort, but would like to pull in @relotnek from FF side.

BigLep added a commit that referenced this issue Aug 23, 2024
Temporary org ownership is needed to complete #47

It enables me to
1. Access the [audit log](https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization) so I can be sure I'm not advocating for removing owner ownership of someone who has been very active on administering the org
2. Give the "github-mgmt Stewards" team [moderator](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-moderators) and [security manager](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#security-managers) roles.

Access here will be revoked as part of completing #47, which should happen no later than the week of 2024-09-02.
BigLep added a commit that referenced this issue Aug 23, 2024
@BigLep
Member Author

BigLep commented Aug 23, 2024

@momack2 and @smagdali : thanks for the feedback.

I put my proposal for reducing org ownership here: #61

I had just been planning to give "moderator" and "security manager" roles to the "github-mgmt Stewards" team, but I think it makes sense to have dedicated teams for each of these and for now to have moderators include Sead folks and security managers include FF security folks. I'll make that change now.

Stebalien pushed a commit that referenced this issue Aug 23, 2024
Temporary org ownership is needed to complete #47

It enables me to
1. Access the [audit log](https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization) so I can be sure I'm not advocating for removing owner ownership of someone who has been very active on administering the org
2. Give the "github-mgmt Stewards" team [moderator](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-moderators) and [security manager](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#security-managers) roles.

Access here will be revoked as part of completing #47, which should happen no later than the week of 2024-09-02.
@BigLep
Member Author

BigLep commented Sep 5, 2024

Give the "moderators" team moderator permissions.
Done


Give the "security-managers" team security manager permissions
Done


@BigLep
Member Author

BigLep commented Sep 5, 2024

For closing out this issue, I need to get 2 required approvals going per #65. I'm going to wait a bit on this to see how much this is needed in practice and to allow me to tackle some other loose ends.
