►
Description
[SIG ContribEx] GitHub Administration Subproject Meeting for 20230727
A
Hey
everyone
welcome
to
the
July
edition
of
the
monthly
quarterbacks
GitHub
Administration
meeting,
just
a
few
things
before
we
start
the
meeting,
all
kubernetes
meetings
are
covered
by
the
scene,
support
of
conduct
which
essentially
boils
down
to
please
be
mindful
of
what
you
say
in
this
meeting
and
also
do
note
that
everything
is
recorded
and
be
kind
to
everyone
awesome.
B
A
So
the
first
agenda
item
today
is
from
Arno,
which
is
regarding
OC
artifact
registry
support,
which
essentially
is
like.
Can
we
enable
GitHub
container
registry
for
our
reports
or
no
do
you
want
to
elaborate
more
on
this
Yeah.
B
That
issue
was
brought
to
me
during
my
time
as
a
gigabad
main,
so
I
want
to
kind
of
bring
this
back
to
have
the
conversation
mostly
for
different
sub
project
can
try
to
not
use
specific
kids.io
but
use
a
GCR
repo
from
themselves
and
now
I
think
I'm
wearing
my
kitchen
front,
because
I
feel,
like
there's
value
on
doing
that,
and
it's
kind
of
helping
reduce
cost
burden
on
the
budget
of
the
project,
so
I
think
they
still
buy
you
on
doing
that.
B
I,
don't
know
what
kind
of
policy,
because
at
the
time
that
issue
was
brought,
there
was
some
issue
with
permission
granularity
at
the
repo
level,
how
we
delegate
permission
to
establish
also
people
or
the
GitHub
team
responders
of
specific
report
to
have
permission.
I
saw
in
the
release
note
of
GitHub
there's
like
Improvement
about
this,
so
I
think
we
should
try
to
take
a
look
and
see
what's
happening.
A
I
agree
from
a
cost
perspective
that
you
don't
make
sense
to
utilize
our
free
credits
or
utilize
github's
plan
for
open
source
reports,
I
think
in
the
slack
thread
there
were
concerns
raised
about
security
of
the
pipeline,
since
we
would
be
using
GitHub
actions
and
very
recently
we
have
seen
some
kind
of
issues
with
GitHub
actions
where
people
can
maliciously
use
it.
So.
A
Of
doing
this,
I
understand
that
this
was
me.
This
would
make
it
really
streamlined
that
credentials
might
not
be
needed
to
store
at
different
places,
because
you
can
use
greater
action
CI
and
then
push
to
GitHub
internet
registry
I
think
that
was
the
biggest
blocker
at
that
point.
Apart
from
the
permissions
model
on
the
permissions
model,
I
think
we
have
not
implemented
github's
granular
permission
model.
Yet
in
our
automation,
server
automation
still
uses
the
maintain
write,
read
privileges
that
we
used
to
use
earlier.
A
A
B
Not
much
it's
more
like
the
I,
don't
want
to
say
not
much
I
think.
Currently,
this
is
about
one
once
a
project,
but
if
you
basically
look
at
all
this
operation
free
app
in
the
in
the
pressure,
it's
kind
of
a
burden,
I
would
say.
I'll
pick
a
real
example.
Cluster
API
for
visual
is
want
to
be
promoted
into
production
registry.
So
we
have
this
expectation
of
where
any
suppression
interests
to
be
popular
or
try
to
distribute
the
control
image.
B
We
try
to
use
the
British
registry
which
make
resistance
that
gives
us
our
essential
place
for
literally
everything
in
the
project,
and
we
want
to
kind
of
I
want
to
kind
of
basically
change
that
expectation
by
basically
saying
if
you
have
the
capability
to
host
your
own
configuration
promote
that
without
relying
on
the
political
research
project.
You
should
you
should
do
in
this,
and
maybe
when
you
become
independent
and
go
directly
cncf,
that's
going
to
be
that's
going
to
be
way
more
simple
for
us.
B
That's
why
I
think
currently
did
it's
fine
I
think
they
have
a
station
repo?
They
can
promote.
That's
going
to
be
that's
going
to
be
interesting,
but
I
think
long
term
I
would
like
basically
have
physically
establish
some
kind
of
Independence
in
terms
of
all
the
income.
Oci
artifact,
it
could
be.
M
chat
could
be
binary,
it
could
be
control.
Image
like
those
are
distribution
specification
is
involving
to
be
because
you
bought
any
kind
of
artifact
in
author
registry.
So
that's
why
we
should
try
to
basically
push
that
push
that
responsibility
to
the
sub
project.
B
A
Yeah
I
think
at
this
point
like
we
have
raised
a
few
concerns
to
our
Gita
PMS,
about
security,
around
actions,
specifically
that
we
need
to
resolve
first
before
we
allow
people
to
explicitly
use
actions
and
to
your
point
of
giving
people
like
alternate
registry
access,
I.
Think
like
we
need
to
have
a
conversation
with
like
a
joint
conversation
between
caters,
infra
and
GitHub
admins,
because
this
is
a
very
repetitive
ask.
It
keeps
on
coming-
and
this
is
a
very
legit
task
by
people.
A
What
I
feel
personally
from
history
is
that
GitHub
Administration
team
has
been
managing
this
since
time
immemorial,
but
then
the
packages
and
actions
were
some
things
that
came
like
much
later
on,
yes,
switch
us
to
GitHub
and
ideally
like
I,
see
them
as
like
Community,
infra
kind
of
stuff
and
less
of
like,
like
I,
see
them
as
compute
and
storage,
rather
than
like
Community,
Management
stuff,
so
I
think
yeah
get
its
interest
should
also
have
some
sort
of
opinion
in
this.
B
Yeah
honestly
I'm
fine,
with
whatever
gigabyte
meeting
want
to
come
with
I
mean
we
can
see
it
sit
in
a
meeting
data,
committing
habit
that
conversation
even
get
feedback
from
GitHub
itself,
like
how
maybe
there's
like
a
preview
feature
or
there's
a
later
Improvement
of
the
API
to
answer
or
concern
because
from
a
security
practices,
there
might
be
Improvement
where
we
have
I
would
say
a
GitHub
talking
with
specific
permission
allowing
to
access
allowing
right
access
to
the
get
a
registry
and
make
sure
we
don't
have
any
security
hole
inside.
B
Basically,
the
entire
project
we
can
also
I
would
like.
Basically,
if,
like
you,
can
reach
out
to
get
open
this
graph,
that
small
conversation
about
hey,
we
want
to
do
some
things.
What
are
the
security
concerns
is
like
any
Improvement
done
recently
to
answer
that
question
this
kind
of
things
and
see
it
together
with
kids
and
find
out
this
conversation.
A
Yep
I
think
that's
a
good
action
item
to
take
forward
and
for
now
to
unblock
the
security
profiles
operator
project.
Are
they
using
our
staging
report.
B
I
I
think
they
have
staging
Devastation
registry,
but
the
problem
is
outside
universities.
Don't
allow
to
host.
B
B
That's
another
broker
because
until
like
at
the
time
we
were
building
the
new
registry,
the
M,
sharp
M,
Sharp
Way,
not
supported
so
I.
Think
that's
like
the
one
thing
when
you
need
to
improve
and
have
that
conversation,
but
for
the
stitching,
yeah
I
think
that
they
have
something
like
that.
I
need
to
check.
A
Got
it
let's
bring
up
the
point
again
on
slack
I,
think
a
lot
of
other
GitHub
admins
are
also
not
present
on
this
call,
and
it's
better
to
revive
the
slack
thread
that
we
had
taking
into
consideration
all
the
current
concerns
that
we
are
talking
about.
A
Cool
any
questions,
comments
from
others
to
this
point.
A
Cool:
let's
go
ahead
to
the
next
issue
by
Arnold,
OCTA
plus
GitHub.
B
Yeah
I'm
gonna
be
fast,
so
we
are
looking
to
Pro
to
build
a
unify
authentification
platform
for
the
community
and
we
want
to
Leverage
GitHub
as
an
identity
provider.
For
that
so
I
reached
out
to
cntf
to
get
a
license
with
OCTA.
They
are
working,
I.
Think
it's
now
accessible
by
us.
We
now
we
now
need
to
do
the
integration
between
octane
get
up
so
I
need
to
find
an
issue
in
Gate
org
write
all
the
details.
B
Concern
about
that
I'm
like
just
giving
it
up
like
accurately
I,
don't
have
any
action
because
we
saw
in
the
POC
phase,
try
to
investigate
the
solution
and
look
what's
but
later
we
it's
something
we
have
to
do
to
establish
like
centralized
authentication.
So
any
Community
member
can
leverage
get
abuse
on
them
to
access
any
platform
used
by
the
community.
It
could
be
Azure,
it
could
be
AWS
we
can
try
to.
We
want
to
also
integrate
with
other
things
like
one
password,
those
kind
of
things,
so
this
is
more
like
a
heads
up.
A
Awesome,
I,
think
the
action
item
on
this
is
for
Anno
to
create
an
issue,
and
then
we
will
go
ahead
with
this.
Any
other
questions,
comments
and
concerns
on
this
moment.
A
Cool,
that's
all
I
think
whether
that
end
of
agenda
but
open,
call
anything
that
you
all
want
to
discuss.
A
Good
to
the
just
update
or
like
a
thing
you
might
have
seen
terrible
exchange
has
been
merged
should
be
interesting.
Now
make.
B
A
Much
easier
yeah
before
the
end
of
the
call
I
was
going
to
give
a
shout
out
to
Nikita
Priyanka
and
you
mother,
for
rallying
that
along
all
this
time
and
I'm
pretty
happy
to
see
that
we
have
included
like
team
teams
and
repo
permissions
now,
and
next
step
is
like
I
think
once
GitHub
allows
us
access
to
do.
Crud
on
Project
permissions
I
want
to
also
see
that
happening
in
the
near
future.
Yeah.
A
A
Part
of
the
meeting
thanks
everyone
for
joining
today.
We
will
see
each
other
again
in
August
till
then
have
a
nice
month.