Link to GitHub team makes governance appear opaque to non-members

Question

Link to GitHub team makes governance appear opaque to non-members

joshuagl opened this issue 2 years ago · 12 comments

The Governance section of the README links to the GitHub team, but GitHub teams are not visible to readers who are not members of the teams' organisation. The link in the README is a 404 for me.

Teams have two states, visible and secret. Visible teams can be viewed and mentioned by organisation members. Secret teams can be viewed and mentioned only by people on the team and organisation owners.

Answer 1 · 2023-05-31T13:40:40.000Z

Thanks for pointing that out, certainly not the intention :)

CC @di who may be able to fix this

Answer 2 · 2023-05-31T13:58:12.000Z

Thanks! ~~I realised I can see 9 of the 44 teams in https://github.com/orgs/ossf/teams --- which implies there's a third visibility state for teams?~~
Correction: I am part of the org 🤦

Answer 3 · 2023-05-31T14:33:01.000Z

This team seems to just not exist anymore. I also seem to have lost the ability to administer this repo or change the collaborators. @hythloda, was this intentional?

Regardless of that, do we need this line in the readme? If so, what should it link to, the maintainers of this repo?

Answer 4 · 2023-05-31T18:07:24.000Z

Ah, that was my bad - I renamed the team to align with our conventions. It's now https://github.com/orgs/ossf/teams/wg-securing-software-repos

Answer 5 · 2023-05-31T18:08:19.000Z

@di you should have Maintain privileges on the repo, is that not sufficient?

Answer 6 · 2023-05-31T18:10:39.000Z

@ljharb It doesn't give me the ability to add/remove collaborators to these teams, modify settings on this repository, etc. Not sure if that was intentional or not but IMO the chair(s) of a given WG should probably have those abilities at least.

Answer 7 · 2023-05-31T18:13:01.000Z

That makes sense to me; now yourself and Bob are "maintainers" of the base team (which grants Maintain access). There's a separate team that grants Admin access, that only Bob is on atm. Please let me or @hythloda know if you need any adjustments to the team structure.

Answer 8 · 2023-05-31T18:22:21.000Z

OK, we can see if that works.

Regarding @joshuagl's original issue, I think that's still not resolved (the team is still only visible to org members I think). Not sure if we can adjust the visibility or if it was just always like this and we should replace the link with a list of team members.

Answer 9 · 2023-05-31T18:24:30.000Z

The latter.

Answer 10 · 2023-05-31T19:43:42.000Z

Is the list at CHARTER.md?

https://github.com/ossf/wg-securing-software-repos/blob/66d897be3d7ab9bdb72a76afe35c9825c8632ef1/CHARTER.md#8-maintainers

Answer 11 · 2023-08-11T12:54:42.000Z

There are two different things people have been doing, the CHARTER.md file listing collaborators like above and a MEMBERS.md file.

What we have been trying to do is:
contributors = write
maintainers = maintain
leads = admin

Leads are on all the lists as maintainers and can add and remove people to the lists as they need/want. I think this is working well.

Does this seems like a solution that has been working? Willing to iterate on something else if this isn't functioning well. otherwise, let's close this up as solved!

Answer 12 · 2023-08-11T16:15:53.000Z

I think we can just drop the link to the team, as CHARTER.md already lists all the maintainers: #33