<div dir="ltr"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><b>summary</b>:
If you get tagged in a Github issue about Github Organization
permissions, write us back telling us which repositories/organizations
you want to retain write permissions to.<br></span></font><div><font size="2"><span style="font-family:arial,helvetica,sans-serif"><br>Good morning ROS Users,<br><br></span></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">A few months ago, Github announced major changes and improvements to Github organization permissions: </span><a href="https://github.com/blog/2064-new-organization-permissions-now-available" style="text-decoration:none" target="_blank"><span style="color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline">https://github.com/blog/2064-new-organization-permissions-now-available</span></a></span></font></p><font size="2"><span style="font-family:arial,helvetica,sans-serif"><br></span></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Many
of the ROS Github organizations (those with “ros-” in the name) are
still using legacy admin teams. We would like to migrate the legacy
teams to the new organization permissions settings. We are also going to
take this opportunity to audit the ROS organizations for ownership vs.
membership permissions and inactive team members.</span></span></font></p><font size="2"><span style="font-family:arial,helvetica,sans-serif"><br><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">Some
of our Github orgs have a very large number of owners, which is a
security risk because ownership permissions allow owners to delete
organizations, rename organizations, change billing information, or
register OAuth tokens for external applications using the Github API.
Limiting the number of owners is a way to mitigate that security risk.
To that end, we will restrict the owners of the ROS Github orgs to core
maintainers of those organizations, as well as the ROS team. We also
want to limit the write permissions on these repositories to active
committers to that repo.<br><br></span></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">This affects all ros* repositories on which the ROS team already has ownership access:<br></span><br></span></font><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-controls</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-drivers</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-drivers-gbp</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-gbp</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-geographic-info</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-infrastructure</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">rosjava</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-perception</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-planning</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-simulation</span></span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-teleop</span></span></font></p><font size="2"><span style="font-family:arial,helvetica,sans-serif"><span style="color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline">ros-visualization</span></span></font></div><font size="2"><span style="font-family:arial,helvetica,sans-serif"><br></span></font><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">We
are starting with ros and ros-gbp, which are the largest repos affected
(most number of repositories and owners). We will be more strict about
limiting owners on these repositories; in particular, because ros-gbp is
for managing release metadata for other repositories, ownership will be
limited to the ROS team at OSRF because we manage the buildfarm
infrastructure. In ros-gbp we leverage Github teams to represent the ROS
organization structure, and we can assign team admins to manage those
individual teams.<br><br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">One
implication of removing owners from ros-gbp is that only the ROS team
will be able to add new members to ros-gbp, which means we have to
manually approve every new maintainer who has permissions to make
releases. Luckily there is a way for team admins to give outside
collaborators write access to individual repositories: <a href="https://help.github.com/articles/adding-outside-collaborators-to-repositories-in-your-organization/" target="_blank">https://help.github.com/articles/adding-outside-collaborators-to-repositories-in-your-organization/</a><br><br>We
recommend using the collaborators mechanism if you need a release in a
hurry, but we will also respond as quickly as possible to requests for
adding new team members on ros-gbp.<br></span></font></div><font size="2"><span style="font-family:arial,helvetica,sans-serif"><br></span></font><font size="2"><span style="font-family:arial,helvetica,sans-serif">If
you are not currently active on a project and this audit reminds you
that you would like to be more involved, you can always ask for write
permission after showing a history of valuable contributions through
pull requests. (For example, fixing issues for the upcoming Kinetic
release is a great start :]) We encourage even core maintainers to use
pull requests for peer review.<br><br></span></font><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">Next steps:<br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">We
will post issues on rosdistro for each ros Github org, tagging the
current owners and asking if they would like to retain ownership
permissions.<br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">If you want to retain ownership, post on the ticket with a short justification why.<br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">If
you do not need to retain ownership, post on the ticket with the names
of repositories for which you would like to retain admin or write
permission. Otherwise we will decide for you based on your recent commit
history.<br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">If you do not respond 2 weeks after being tagged, you will be considered inactive and your ownership will be removed.<br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif"><br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">Regards,<br><br></span></font></div><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">The ROS Team</span></font></div></div>