Re: Proposal to change GH org permission structure for committers
Gabriel Rosenhouse <grosenhouse@...>
toggle quoted messageShow quoted text
Thanks for taking the time to describe this proposal to the community.
I want to make sure I'm understanding correctly. Unfortunately "team" and "project" mean very different things for Cloud Foundry than for GitHub. If I'm understanding, you're proposing two very impactful changes:
a) every committer to any Runtime PMC project (e.g. everyone on the CF Routing team) has push access to any/all repos owned by all other Runtime PMC project teams (e.g. Release Integration)
b) project teams are no longer allowed to have their own GitHub orgs (e.g. github.com/cf-routing)
I have a couple concerns with this approach:
1. I don't trust myself with push rights to other teams's repositories
Our team (Routing) frequently PRs changes to code that is maintained by other CF teams. Today, this workflow is involves forking their repo into our team org, making changes on a branch there, and then opening a PR. It is pretty easy during this process to accidentally push the wrong commits to the wrong branch. I'd be worried that if we were not doing the fork+PR model and instead I had push access to the "upstream" repo directly, then I'd accidentally push a merge commit with a lot of junk to their master or develop branch. This would be painful for them to clean up, and painful for other teams to deal with in the meantime.
Team code ownership (as opposed to individual) is a powerful model. But I'm worried that it doesn't scale much beyond our existing 2-pizza teams.
2. Forking 3rd-party repos becomes more painful
Our team occasionally PRs changes to outside code, maintained by other individuals and organizations. We have to fork the repo in that case. If we didn't have a team org, we'd need to fork into the cloudfoundry org. Today, I don't have permission to fork into the cloudfoundry org (I don't see anything in your email about changing that). So I'd have to put in a ticket and wait for an Admin to do that for me. The Admins are usually crazy fast at this stuff, but the long-tail can stretch into hours and that really impacts our development efforts.
I wonder if we can find other solutions to your listed problems, maybe with more sophisticated CLA bot setup and more narrowly drawn policies around what kinds of code goes in what orgs.
On Wed, Dec 6, 2017 at 4:50 PM, Chip Childers <cchilders@...> wrote: