Repository / package admin tasks #338

Closed
5 tasks done
broofa opened this issue Oct 19, 2019 · 32 comments · Fixed by #351, #808, #809 or #813

@broofa
Member

broofa commented Oct 19, 2019

Capturing some housekeeping tasks for project owners:

  • NPM: Require 2FA for all package owners
  • NPM: Add ctavan as owner
  • Github: Require 2FA for all members of Kelektiv org (@defunctzombie, is this enabled?)
  • Github: Rename repo to "uuid" (@broofa)
  • Github: Update repo URL in package.json (@broofa)

@ctavan
Member

ctavan commented Dec 2, 2019

@broofa what's the status on this? I was trying to set up browserstack-based testing through Travis.ci but it seems that I'm lacking permissions. Maybe I need to get admin permissions on this repo in order to do this? Would be great to get this solved so I can move forward with the modernization of this library.

@broofa
Member Author

broofa commented Dec 2, 2019

'Promoted you to 'admin' here. See if that fixes the problem.

@ctavan
Member

ctavan commented Dec 5, 2019

@defunctzombie how about 2FA for the kelektiv org? Could you also help me understand what the kelektiv org is and who the members are?

@defunctzombie
Contributor

@ctavan @broofa require 2fa is not currently enabled. Would you like me to enable it? When I enabled it everyone in the organization must have 2fa on their account or they will be removed from the organization.

@ctavan kelektiv was created by @ncb000gt as a way of grouping a few commonly maintained and popular modules under an organization rather than a single personal account. Organizations make it easier to manage users as folks come and go.

If there is a better organization to group these under I certainly would not object.

@broofa
Member Author

broofa commented Dec 6, 2019

It looks like the kelektiv org consists of just the three of us, right? So... yeah unless either of you two have a reason not to, let's turn on 2FA. I know it's not required, but it's the responsible thing to do.

Regarding what kelektiv is and what the right home for uuid should be, if there's a more suitable organization I'm fine with that. I don't have a specific suggestion there, but how/where to host a long-lived, popular module responsibly is an interesting question. Let me reach out to a couple people and see what they suggest.

@ctavan
Member

ctavan commented Dec 6, 2019

+1 for 2FA

Regarding the org: thanks for the clarification! I did not mean to question whether the current org was a good place for this library, I was just curious.

The only thing that confused me a bit was that the member list of the kelektiv org does not seem to be public. Especially for security related OpenSource projects I would personally prefer to see more transparency in the orgs that effectively control the source code.

@defunctzombie @broofa would it be an option to make the kelektiv member list public as a quick win?

In addition to that I'm with @broofa in that I find it interesting to reconsider what org would be suitable for very long lived libraries where the set of active maintainers changes over time. I don’t believe that this is an urgent question though.

@broofa
Member Author

broofa commented Dec 7, 2019

+1 for making org membership public

@ncb000gt

ncb000gt commented Dec 7, 2019

@defunctzombie is correct. I had a baby on the way, my second, at the time with a bunch of other obligations and management of the different projects was getting tougher from my personal account. So I looked at moving bcrypt and cron to other projects but it was clear that wasn't going to work out. Thus, kelektiv was born.

I agree with the points about transparency in oss. And, that security should be a top concern. I'm ok with making the member list public and with 2fa so long as everyone else is.

Thanks for bringing this up.

@ctavan
Member

ctavan commented Dec 7, 2019

OK, I think we have votes for:

2FA: @broofa @defunctzombie @ncb000gt @ctavan
Member list public: @broofa @ncb000gt @ctavan

As I have no visibility (yet) into the current member list, could one of you check, if there are additional members that need to be asked?

@defunctzombie fine with public membership as well?

@defunctzombie
Contributor

defunctzombie commented Dec 7, 2019

@ncb000gt and @wercker (a bot?) need to enable 2FA on their accounts. Once they have done so I can enable 2FA.

Membership in an organization is a per-user setting. Each person can decide if they want to make their membership public or not. This is personal preference.

@ctavan
Member

ctavan commented Dec 8, 2019

@defunctzombie I'm aware that org admins can specify org visibility for each member separately however I haven't found a way how I could control that on my own for orgs where I'm member but not admin. Where would I change that visibility?

If it turns out not to be possible for group members to control that on their own could you adjust the corresponding settings in the org for all of us?

@defunctzombie
Contributor

@ctavan
Member

ctavan commented Dec 8, 2019

Oh ok, so does that mean I'm not a member of the org at the moment?


@ncb000gt

ncb000gt commented Dec 14, 2019 via email

@broofa
Member Author

broofa commented Dec 15, 2019

@defunctzombie Looks like ctavan isn't in the kelektiv org. Can you add him?

@ctavan
Member

ctavan commented Dec 28, 2019

@defunctzombie friendly ping?

@defunctzombie
Contributor

@ctavan You are a collaborator on this repo rather than the entire org. I have no problem adding you to the entire org but I think we did per repo collaborators. @ncb000gt do you care? I don't remember who even maintains the bcrypt stuff or what their status is.

@ctavan
Member

ctavan commented Jan 3, 2020

@defunctzombie @ncb000gt @broofa: Given that there does not really seem to be an intersection of active maintainers of node-uuid and other repos in the kelektiv org I would like to bring up the idea of moving the uuid module into its own organization again.

I would see several benefits:

  1. We could use the org to grant privileges which would allow us to establish a transparent list of maintainers.
  2. We could set up things like enforced 2FA etc. independently of other unrelated repos.
  3. We could handle addition / removal of future maintainers more easily without bothering @defunctzombie and @ncb000gt who are no longer actively working on node-uuid.

I have to admit that right now it doesn't really feel super productive for me to take your resources for repository admin tasks of a repo that you otherwise don't really maintain any more.

As a name I could imagine something like https://github.com/uuidjs

What do you think?

@broofa
Member Author

broofa commented Jan 3, 2020

I'd be fine with that. 'Totally understand your feelings re: productivity.

@defunctzombie
Contributor

I personally think it is fine adding folks as collaborators on repos rather than entire org but I also do not care either way where this lives hosting wise. Tell me what you all want me to do and I will do it.

@ctavan
Member

ctavan commented Jan 6, 2020

I have created a new org on github and I intend to transfer ownership of this repo into the org: https://github.com/uuidjs

The new home of this repo will be: https://github.com/uuidjs/uuid

I'll wait for objections for another 3 days 😉

@defunctzombie @broofa I have invited both of you to the new organization and will give you owner permissions once you have accepted the invitation.

@broofa
Member Author

broofa commented Jan 6, 2020

@ctavan Sounds good, thank you!

Quick sanity check questions:

  • Is there an existing organization that might be an appropriate home for this module? No reason to create a new org if there is already a good home available... not that I'm aware of such.
  • If creating a new organization, should it have a charter beyond maintaining this one uuid repo? I.e. What other repos might be appropriate for this new org, if any, and might that affect the name of the org?

@ctavan
Member

ctavan commented Jan 6, 2020

I exchanged a few DMs with @bcoe on this: He told me that he moved two of his former personal projects into dedicated orgs (namely https://github.com/yargs and https://github.com/istanbuljs) and was happy with the move. I have done the same a few years back with https://github.com/express-validator/express-validator (it's also a single-purpose org) when somebody else became the primary maintainer of the module, and it worked out well.

I don't really see any drawbacks with having a dedicated single-purpose org for one module.

Obvious additional repos could be documentation (github pages, even though the README will likely be fine forever in the case of UUID) and other UUID-related things, but I would not want to make any assumptions on that right now.

@broofa
Member Author

broofa commented Jan 6, 2020

Sounds good. In terms of logistics are there any considerations that would prevent simply transferring this repo to the new org? Seems like the simplest approach. @defunctzombie @ctavan

@ctavan
Member

ctavan commented Jan 6, 2020

I think we should do exactly this: Transfer the repo to the new org. All relevant things should remain intact and github will set up redirects from the old repo URL (so we should make sure NOT to create a repo named https://github.com/kelektiv/node-uuid later!).

@defunctzombie
Contributor

@broofa are you 👍 on the transfer to the new org?

@broofa
Member Author

broofa commented Jan 14, 2020

@defunctzombie Yup. I'm in the new org, so @ctavan and I can take it from here.

@defunctzombie
Contributor

The repository transfer is complete.

@ctavan
Member

ctavan commented Jan 15, 2020

I'm currently home sick with a flu but will make sure to adjust repo URLs etc. in the package.json as quickly as possible.

Thanks for your help!

@broofa
Member Author

broofa commented Jan 15, 2020

@defunctzombie Hey, I know nothing much is changing with this and I look forward to your continued involvement here in whatever form that takes, but this sort of thing is as significant an event as we opensource folks seem to get. So let me just take this opportunity to say I appreciate all the work you've done for this project over the years. Thanks, man!

@ctavan And thanks to you as well for setting up the new repo and moving things forward! Also, I hope you feel better soon.

@ncb000gt

Glad you were all able to figure something out that works for your project. :)

As a note, I haven't had any issues with transferring personal projects into orgs, that's what I did with bcrypt and cron.

@ctavan
Member

ctavan commented Jan 16, 2020

Thanks everyone for your support!
