Repo permission review

[spier]

As this GitHub repository grew, so did the number of people with access to it.

In this issue we are looking to document:

• who has access today
• what level of permissions do they have (and why)

Based on that we want to:

• describe how we want to handle permissions in the future
• change the permissions of existing users to match

[spier]

Current status:

• ✅ the @InnerSourceCommons/members GitHub team has READ access
  • purpose is for the repo to be shown more prominently for them in their individual GitHub account
• ✅ the @InnerSourceCommons/patterns GitHub team has ADMIN access
  • that team was originally meant to be "the group of people who are part of the ISC patterns working group".
  • However we have used it as "the people that are trusted committers on this repo".
  • With the latter approach we ran into the issue that you need to be a member of the org, in order to be a member on the team. therefore some of the newer trusted committers that we have are not a member of this team, and have been added individually to the repo
  • note that this team is also tied to some GitHub projects. not sure how that works.
• ✅ some individuals users have READ access
  • these users previous had more permissions but access was reduced to READ, as we did not know why they had those permissions.
  • we could remove these users from the repo now, as ALL users on GitHub have READ access to this repo by default
• ✅ some individual users have WRITE access
  • this makes working with this repo a little bit easier for them, as they don't have to maintain their own fork to send PRs
• ✅ Some of the owners of the InnerSourceCommons GitHub org have been added to the repo.
  • for them the following applies: "This is an organization owner. An organization owner cannot be assigned any other role (other than ADMIN)"
  • these users don't have to be added to the repo at all, as they have ADMIN access by default (by means of their org ownership)
  • we could these users from the repo, if they are not Trusted Committers at the same time. That way it would be more explicit that we give higher-level permissions to Trusted Committers only!

[spier]

Removed individual READ access for users:

• ErinMB
• Guy Martin
• Robert Hansel
• InnerSrcAdmin
• Kevin Newman
• Klaas-Jan Stol
• Michael Dorner
• Nick Stahl
• psudars
• Robert Hanmer

We could try to contact these users, to ask if they want to become more active in the Patterns WG again.
Not sure what the best way to contact the would be though.

[spier]

Removed WRITE/ADMIN permissions from org owners, that are no Trusted Committers on this repo.
Effectively this does not make any difference for them, as through their org ownership they still have ADMIN to this repo.

However for the maintainers of this repo it makes a difference, as we can more clearly see who is a Trusted Committer.

• Daniel Izquierdo Cortazar
• Georg Grütter
• Isabel Drost-Fromm
• rrrutledge

[spier]

@yuhattor I have everybody except the two of us from the team @InnerSourceCommons/patterns.
I have further removed the permissions that this team had on the InnerSourcePatterns repo, as instead I have added permissions for all Trusted Committers individually.

We can probably delete the @InnerSourceCommons/patterns team completely at some point. Just wanted to do an interim step first for safety reasons :)

[spier]

Removed this user for now. I think I added these permissions but I forgot why:

• Chan Voong

We can always add the permissions again, should they need access.

[spier]

With the improvements to the TC documentation this issue is done for the time being.