Skip to content

Remove commit bit from inactive core devs #539

New issue
New issue
Open
Open
Remove commit bit from inactive core devs#539
@hugovk

Description

@hugovk
hugovk
opened on May 31, 2024

The short story

For security, remove the commit bit from inactive core devs.

Long version

During the Language Summit 2024 one thing we discussed regarding "Strengthening Python's Security Model" was removing the commit bit for inactive core devs.

We have a policy for GitHub organisation owners and repository administrators:

Inactive or unreachable members may be removed with or without notice. Members who no longer necessitate this level of access will be removed with notice.

(During the summit, I said this was also the policy for core devs, but it's currently only for org owners and repo admins.)

I suggest we also apply this to core devs.

We should make it easy to re-add the commit bit for those become active again and would like it re-enabled.

We can use 🔒 https://github.com/python/voters as a starting point for this, which has a list of active/inactive core devs, updated annually for the purposes of Steering Council elections.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      pFad - Phonifier reborn

      Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

      Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy