►
Description
[SIG ContribEx] GitHub Administration Subproject Meeting for 20230727
B
A
B
I,
don't
know
what
kind
of
policy,
because
at
the
time
that
issue
was
brought,
there
was
some
issue
with
permission
granularity
at
the
repo
level,
how
we
delegate
permission
to
establish
also
people
or
the
GitHub
team
responders
of
specific
report
to
have
permission.
I
saw
in
the
release
note
of
GitHub
there's
like
Improvement
about
this,
so
I
think
we
should
try
to
take
a
look
and
see
what's
happening.
A
I
agree
from
a
cost
perspective
that
you
don't
make
sense
to
utilize
our
free
credits
or
utilize
github's
plan
for
open
source
reports,
I
think
in
the
slack
thread
there
were
concerns
raised
about
security
of
the
pipeline,
since
we
would
be
using
GitHub
actions
and
very
recently
we
have
seen
some
kind
of
issues
with
GitHub
actions
where
people
can
maliciously
use
it.
So.
A
Of
doing
this,
I
understand
that
this
was
me.
This
would
make
it
really
streamlined
that
credentials
might
not
be
needed
to
store
at
different
places,
because
you
can
use
greater
action
CI
and
then
push
to
GitHub
internet
registry
I
think
that
was
the
biggest
blocker
at
that
point.
Apart
from
the
permissions
model
on
the
permissions
model,
I
think
we
have
not
implemented
github's
granular
permission
model.
Yet
in
our
automation,
server
automation
still
uses
the
maintain
write,
read
privileges
that
we
used
to
use
earlier.
A
B
Not
much
it's
more
like
the
I,
don't
want
to
say
not
much
I
think.
Currently,
this
is
about
one
once
a
project,
but
if
you
basically
look
at
all
this
operation
free
app
in
the
in
the
pressure,
it's
kind
of
a
burden,
I
would
say.
I'll
pick
a
real
example.
Cluster
API
for
visual
is
want
to
be
promoted
into
production
registry.
So
we
have
this
expectation
of
where
any
suppression
interests
to
be
popular
or
try
to
distribute
the
control
image.
B
We
try
to
use
the
British
registry
which
make
resistance
that
gives
us
our
essential
place
for
literally
everything
in
the
project,
and
we
want
to
kind
of
I
want
to
kind
of
basically
change
that
expectation
by
basically
saying
if
you
have
the
capability
to
host
your
own
configuration
promote
that
without
relying
on
the
political
research
project.
You
should
you
should
do
in
this,
and
maybe
when
you
become
independent
and
go
directly
cncf,
that's
going
to
be
that's
going
to
be
way
more
simple
for
us.
B
That's
why
I
think
currently
did
it's
fine
I
think
they
have
a
station
repo?
They
can
promote.
That's
going
to
be
that's
going
to
be
interesting,
but
I
think
long
term
I
would
like
basically
have
physically
establish
some
kind
of
Independence
in
terms
of
all
the
income.
Oci
artifact,
it
could
be.
M
chat
could
be
binary,
it
could
be
control.
Image
like
those
are
distribution
specification
is
involving
to
be
because
you
bought
any
kind
of
artifact
in
author
registry.
So
that's
why
we
should
try
to
basically
push
that
push
that
responsibility
to
the
sub
project.
B
A
Yeah
I
think
at
this
point
like
we
have
raised
a
few
concerns
to
our
Gita
PMS,
about
security,
around
actions,
specifically
that
we
need
to
resolve
first
before
we
allow
people
to
explicitly
use
actions
and
to
your
point
of
giving
people
like
alternate
registry
access,
I.
Think
like
we
need
to
have
a
conversation
with
like
a
joint
conversation
between
caters,
infra
and
GitHub
admins,
because
this
is
a
very
repetitive
ask.
It
keeps
on
coming-
and
this
is
a
very
legit
task
by
people.
B
Basically,
the
entire
project
we
can
also
I
would
like.
Basically,
if,
like
you,
can
reach
out
to
get
open
this
graph,
that
small
conversation
about
hey,
we
want
to
do
some
things.
What
are
the
security
concerns
is
like
any
Improvement
done
recently
to
answer
that
question
this
kind
of
things
and
see
it
together
with
kids
and
find
out
this
conversation.
A
B
B
B
That's
another
broker
because
until
like
at
the
time
we
were
building
the
new
registry,
the
M,
sharp
M,
Sharp
Way,
not
supported
so
I.
Think
that's
like
the
one
thing
when
you
need
to
improve
and
have
that
conversation,
but
for
the
stitching,
yeah
I
think
that
they
have
something
like
that.
I
need
to
check.
B
Yeah
I'm
gonna
be
fast,
so
we
are
looking
to
Pro
to
build
a
unify
authentification
platform
for
the
community
and
we
want
to
Leverage
GitHub
as
an
identity
provider.
For
that
so
I
reached
out
to
cntf
to
get
a
license
with
OCTA.
They
are
working,
I.
Think
it's
now
accessible
by
us.
We
now
we
now
need
to
do
the
integration
between
octane
get
up
so
I
need
to
find
an
issue
in
Gate
org
write
all
the
details.
B
Concern
about
that
I'm
like
just
giving
it
up
like
accurately
I,
don't
have
any
action
because
we
saw
in
the
POC
phase,
try
to
investigate
the
solution
and
look
what's
but
later
we
it's
something
we
have
to
do
to
establish
like
centralized
authentication.
So
any
Community
member
can
leverage
get
abuse
on
them
to
access
any
platform
used
by
the
community.
It
could
be
Azure,
it
could
be
AWS
we
can
try
to.
We
want
to
also
integrate
with
other
things
like
one
password,
those
kind
of
things,
so
this
is
more
like
a
heads
up.
A
A
B
A
Much
easier
yeah
before
the
end
of
the
call
I
was
going
to
give
a
shout
out
to
Nikita
Priyanka
and
you
mother,
for
rallying
that
along
all
this
time
and
I'm
pretty
happy
to
see
that
we
have
included
like
team
teams
and
repo
permissions
now,
and
next
step
is
like
I
think
once
GitHub
allows
us
access
to
do.
Crud
on
Project
permissions
I
want
to
also
see
that
happening
in
the
near
future.
Yeah.