Recently, several maintainers of contributed projects have expressed their frustration in not having sufficient permissions to adequately manage their projects on Github.
When the Backdrop Contrib Group was first established, GitHub Group permissions were quite limited. The PMC's biggest concern was that if we granted all maintainers full admin access on their own projects, they would have the ability to delete that project (intentionally or not). Deleting a project would be against the spirit and intent of sharing these projects in the Backdrop CMS contrib group, and could potentially harm those using Backdrop.
During recent discussion about the maintainer access situation, I discovered that Github has added a new option for Groups: we can now prevent members of the group from deleting group projects.
Since it is possible to grant maintainers full admin access on their projects now, without running the risk of loosing them, we decided that it would be a good idea to have a formal PMC endorsed policy in terms of how Github permissions are configured.
The following policy was discussed and adopted by the Backdrop Project Management Committee:
The maintainer will have admin access to their project, including the ability to add other maintainers.
With this change, the complete set of permissions for contributed projects will be as follows:
- The maintainer of each project will have
adminaccess - Members of the Security team will have
adminaccess - Members of the Bug Squad team will have
writeaccess - All Members of the Contrib group ("Authors") will have
triageaccess - Everyone else will have read access
We are planning on setting up a tool to automate the roll-out of permissions as listed above, however, that tool is still in development.
If you are a maintainer of contributed project and do not yet have admin access on your project, you are welcome to request access by opening an issue in the Backdrop Contrib Queue.