-
Notifications
You must be signed in to change notification settings - Fork 39
Github Roles
This page documents:
- roles (github calls them 'teams' but this document will use the two terms interchangeably)
- the permissions associated with roles
- the expectations the community has of the people in said roles
For a description of the Github organization permission model see this write-up. You should be familiar with this document before continuing.
The Github owner is a built-in role that cannot be removed. Owners have full access to all repositories and have admin rights to the organization. Owners can change billing info and cancel organization plans.
Since OpenXT doesn't use any of the Github paid features the billing component of the 'owners' role isn't too important at the moment. This leaves the OpenXT 'owners' role defined mostly as the ability to add, remove, and rename repositories, as well as adding, removing, renaming and assigning community members to other roles. This is effectively the most privileged role for this reason.
Any modifications to the OpenXT Github org that requires the privileges of the 'owner' role must be announced and discussed on the OpenXT Google group.
This is a default Github team but we hardly use it. It grants members 'admin' permissions to members but currently we only have one repo assigned to it. Thus it's mostly a non-team currently. We should consider removing it or repurposing it to be a team with administrative access to all repos. This would be used for a group of admins to expedite merging fixes for repos where we only have one or fewer maintainers.
The following is a description of the existing teams we have defined for subsystems. The expectations the community has for for members of these teams are are described in the maintainers wiki page. Currently we don't have a consistent naming convention for these teams so we should sort that out as well.
This team is tasked with maintaining the repos necessary to build OpenXT. Currently this includes only those repos associated with building the OpenXT platform (build scripts and OE build metadata) but does not include the repose associated with building the Windows tools. We should consider expanding this team to cover the Windows tools build or specifically define this team to be relevant to only the platform build.
This team is a relatively new one. Members of this team have access to the bvt repo. Members of this team are granted 'admin' privileges over the associated repos.
The 'core' team is intended to cover the lower level plumbing in OpenXT. This includes things like the linux patch queue, the xen patch queue, the ioemu (qemu) and its associated patchqueue. Members of this team are granted 'admin' privileges over the associated repos.
This is a relatively new team and was created when we added a website managed by the Github pages mechanism. It is limited in scope currently to the website repo but is intended to include all documentation as well. It could be that all of our docs are just managed as part of the website source but this is something that will be determined when we actually have docs beyond the wiki. Members of this team are granted 'admin' privileges over the associated repos.
This team collects the repos associated with the mandatory access control (MAC) components in OpenXT. It was given this generic name to cover SELinux and XSM, both of which are an instance of MAC policy. Members of this team are granted 'admin' privileges over the associated repos.
This team collects the repos associated the OpenXT Windows drivers and in-guest tools. Members of this team are granted 'admin' privileges over the associated repos.
This team is summed up quite eloquently by the associated team description: "edit the wiki, file bugs, go go go!". This is less relevant now that we've closed the Github issue tracking in favor of using the OpenXT JIRA instance. Still it's a team that allows 'read' access to the openxt.git repo which allows members to edit the wiki.