feat: reduce github app/secret requirements #554
Seven days wait + 2 approvals from both committees is quite bureaucratic, and so is 72 hours fast-tracking for an already approved app/secret. Reducing the number of required approvals to one per committee as well as the wait time to 72 hours as well as reducing the fast-track time to 24 hours should allow collaborators to move forward with their work faster, and since it still requires approval from committees it shouldn't have a negative impact on security concerns.

I'm comfortable with the change for the one related to already approved apps/secrets, less so for the first time apps/secrets, although mostly for the apps versus secrets. I'd suggest just making the change for the ones related to already approved apps/secrets.

Cc @nodejs/tsc @nodejs/community-committee since it affects the required approvals from both committees.

Nit:

@mmarchini not-yet-approved apps/secrets are more of a concern to me because that's where we should be doing most of the due diligence. It's a

I understand that, but do you disagree that having two people doing the due diligence (one from each committee) is enough? We have a total of four people today. I'd rather have two doing proper due diligence than four "empty" +1s.

@mhdawson just double-checking: are you blocking this from landing?

@mmarchini I'd say yes unless we get more TSC/CommComm members approving. I'd be ok if for the first time request we change either the number of approvers or the time, but not both. I'll also withdraw my objection if more TSC/CommComm members approve. I'm just not comfortable with this change landing with just 1 approval.
so in the context of

Ok, I'll split this PR into two: one to change the number of approvals on normal requests, and another to change the time on fast-track requests. I might follow up later with a PR suggesting changes to the wait time on normal requests so we can continue discussion.

I see the comment about splitting this up, but I just want to add my approval here for the PR as it currently stands - if we are requiring at least two people from the TSC/CommComm to approve, there is an assumed level of competence in those approvals. I can't see a reason we'd need to wait up to 4 additional days for something we can choose to reverse if a concern is raised later. |