202408 proposal for reducing filecoin-project org ownership

CODEOWNERS

@@ -1,2 +1,6 @@
+# The ipdx team is responsible for GitHub Management maintenance (at least through 2024)
+* @ipfs/ipdx
+
 # The github-mgmt stewards team is responsible for triaging/reviewing configuration change requests
-/github/filecoin-project.yml @filecoin-project/github-mgmt-stewards
+# The ipdx team is added here temporarily to witness use patterns in github-mgmt
+/github/filecoin-project.yml @filecoin-project/github-mgmt-stewards @ipfs/ipdx

github/filecoin-project.yml

@@ -1,11 +1,15 @@
 # yaml-language-server: $schema=.schema.json
 
 members:
+  # Admin permissions map to "org owner" permissions listed in 
+  # https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-rolesare 
+  # These permissions are very broad, and thus, the list of people is intentionally minimal.
+  # Day-to-day administrating is done by those in the "github-mgmt Stewards" team (see team below).  
+  # "github-mgmt Stewards" team can still escalate into org owner permissions if/when needed.  
+  # This minimal owner set plus supporting rationale was documented and discussed in https://github.com/filecoin-project/github-mgmt/issues/47.
   admin:
-    - anorth
-    - arden-sead
     # Why @BigLep?
-    # Temporary org ownership is needed to complete https://github.com/filecoin-project/github-mgmt/issues/47
+    # TEMPORARY org ownership is needed to complete https://github.com/filecoin-project/github-mgmt/issues/47
     # It enables me to
     # 1. Access the (audit log)[https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization]
     #    so I can be sure I'm not advocating for removing owner ownership of someone who has been very active on administering the org
@@ -14,20 +18,21 @@ members:
     # Access here will be revoked as part of completing https://github.com/filecoin-project/github-mgmt/issues/47,
     # which should happen no later than the week of 2024-09-02.
     - BigLep
-    - dr-bizz
-    - filecoin-helper
+    # Why @galargh?
+    # 1. co-founder of [IPDX](https://ipdx.co) and IPDX is contracted to help look after GitHub for this organization at least through 2024.
+    # 2. Multiple years of experience managing GitHub organizations of open source projects, including this org and related orgs like ipfs.
     - galargh
-    - jbenet
+    # Why @jennijuju?
+    # 1. Has a long history with filecoin-project and has a lot of connections to teams across filecoin-project.  
+    #    She often has history or context on projects and can anticipate needs or issues that may arise.
+    # 2. She has repeatedly demonstrated promptness to notice and engage in operational/security events, 
+    #    where having the ability to "break class" without barriers (like an "org owner" is able) is most warranted.
     - jennijuju
-    - jmac-sead
-    - laurentsenta
+    # Why @mastrwayne-admin?
+    # 1. Founder/leader of [sead](https://www.sead.ai/), which is charged with sysadmin for critical systems within the wider Protocol Labs Network.
+    # 2. general long-standing sysadmin for these organizations with his past roles at PL Inc.
+    # 3. This isn't mastrwayne's day-to-day GitHub account
     - mastrwayne-admin
-    - mishmosh
-    - momack2
-    - protocolin
-    - raulk
-    - smagdali
-    - Stebalien
   member:
     - aakoshh
     - aarshkshah1992
@@ -38,7 +43,9 @@ members:
     - AmeanAsad
     - androowoo
     - andyschwab
+    - anorth
     - arajasek
+    - arden-sead
     - aronchick
     - art-gor
     - aschmahmann
@@ -62,6 +69,7 @@ members:
     - DiegoRBaquero
     - dkkapur
     - dnkolegov
+    - dr-bizz
     - DrPeterVanNostrand
     - ec2
     - elijaharita
@@ -73,6 +81,7 @@ members:
     - Fatman13
     - figureouter
     - filecoin-ci
+    - filecoin-helper
     - fridrik01
     - frrist
     - gammazero
@@ -88,8 +97,10 @@ members:
     - irenegia
     - ischasny
     - JadTermsani
+    - jbenet
     - jdjaustin
     - jimpick
+    - jmac-sead
     - jnthnvctr
     - joaosa
     - jochasinga
@@ -100,6 +111,7 @@ members:
     - kkarrancsu
     - Kubuxu
     - LaurenSpiegel
+    - laurentsenta
     - lemmih
     - lerajk
     - LesnyRumcajs
@@ -118,6 +130,8 @@ members:
     - mb1896
     - MF416
     - Mingela
+    - mishmosh
+    - momack2
     - monicaortel
     - nicola
     - ninitrava
@@ -133,8 +147,10 @@ members:
     - pl-deploy-bot
     - porcuquine
     - protocol-labs
+    - protocolin
     - q9f
     - raghavrmadya
+    - raulk
     - realChainLife
     - Reiers
     - ribasushi
@@ -146,9 +162,11 @@ members:
     - SeedingTrees
     - sergkaprovich
     - simonkim0515
+    - smagdali
     - smooth-operator
     - snadrus
     - snissn
+    - Stebalien
     - Stefaan-V
     - steven004
     - sudo-shashank
@@ -5086,24 +5104,32 @@ teams:
         - parthpathakweb3
         - trruckerfling
   github-mgmt stewards:
-    # NOTE: created to capture users with push+ access to github-mgmt repository
-    #  using a team instead of direct collaborators because we want to reference it in the CODEOWNERS file
+    # Notes: 
+    # 1. These members have push+ access to the github-mgmt repository (in addition to the org owners listed in "members.admin" above).
+    # 2. Having a team instead of direct collaborators on the github-mgmt repository also enables easy reference in the github-mgmt CODEOWNERS file.
+    # 3. Leaning on "github-mgmt stewards" for day-to-day admin over true org owners was done
+    #    as part of the effort to reduce org owners in https://github.com/filecoin-project/github-mgmt/issues/47 
+    description: Users that are effectively org owners/admins
     members:
-      # WARN: membership here should be treated exactly as cautiosly as having an org admin role
+      # WARN: membership here should be treated as cautiously as having an "org owner" role,
+      # since one can escalate their privileges accordingly.
       # ATTN: members are expected to:
-      #  - be familiar with GitHub Management
-      #  - be ready to triage/review org configuration change request in github-mgmt
-      # The individuals below are listed as "maintainers" rather than "members" because they are filecoin-project owners/admins.
+      #  - be familiar with github-mgmt / github-as-code
+      #  - be ready to triage/review org configuration change requests in github-mgmt
+      # INFO: There are others who could certainly qualify to be members of this team.  
+      # There is a balance to be had to ensure there are enough knowledgeable people available to support the needs/requests of the github org,
+      # and reducing risk by not having too many with the escalation path that this role affords.
+      # INFO: Intentionally minimize "maintainers" so that additional membership is done through github-mgmt rather than the GitHub UI.
+      # INFO: The individuals below are listed as "maintainers" rather than "members" because they are filecoin-project owners/admins (see "org.admin" above).
       # GitHub will auto-bump their team privileges anyway if we don't manually.
       maintainer:
         # Why @galargh?
-        # 1. He has deep knowledge of the tool and its use as the creator.
-        # 2. He is co-founder of IPDX, which has a contract in 2024 to support developer productivity in the filecoin-project ecosystem.
-        - BigLep
+        # 1. Same reasons listed at the top in "members.admin".
+        # 2. He has deep knowledge of the tool and its use as the creator.  This empowers him to help make changes and improvements in a low friction way.
         - galargh
         # Why @jennijuju?
-        # 1. Has a long history with filecoin-project and has a lot of connections to teams across filecoin-project.  
-        #    She often has history or context on projects and can anticipate needs or issues that may arise.
+        # 1. Same reasons listed at the top in "members.admin".
+        # 2. She is part of the team rather than just relying on "org.admin" abilities so she sees the @filecoin-project/github-mgmt-stewards team mentions/notifications.
         - jennijuju
       member:
         # Why @BigLep?
@@ -5119,6 +5145,9 @@ teams:
         #    See https://github.com/ipdxco/github-as-code/issues/126 for more info.)
         # 2. He has experience working with github-mgmt in other contexts (e.g., ipld)
         - rvagg
+        # Why @smagdali?
+        # 1. Serves as technical projects representative for the Filecoin Foundation.
+        - smagdali
   infra:
     members:
       member:
@@ -5165,6 +5194,19 @@ teams:
         - rvagg
         - TippyFlitsUK
         - ZenGround0
+  moderators:
+    description: This team has the Moderators role described in
+      https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-moderators
+    # Assigning this team the Moderator role is configured through the GitHub UI, not in github-mgmt.
+    # Sead team members were added 202408 as part of reducing their org ownership in https://github.com/filecoin-project/github-mgmt/issues/47
+    members:
+      maintainer:
+        # @masterway-admin is listed as a maintainer rather than member because GitHub will automatically make him a maintainer given he is an org.admin above.
+        - mastrwayne-admin
+      member:
+        - arden-sead
+        - dr-bizz
+        - jmac-sead
   Motion:
     members:
       member:
@@ -5254,6 +5296,16 @@ teams:
         - AmeanAsad
         - bajtos
         - DiegoRBaquero
+  security-managers:
+    # Note: members of this team have read access to all repos per https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#security-managers
+    description: This team has the Security Manager role described in
+      https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#security-managers
+    # Filecoin Foundation team members were added 202408 as part of reducing their org ownership in https://github.com/filecoin-project/github-mgmt/issues/47
+    members:
+      member:
+        - parthshah1
+        - relotnek
+        - smagdali
   Sentinel Admin:
     members:
       maintainer: