Clarify who maintains securesystemslib #444
Comments
|
Let's actually discuss who should have which GitHub/PyPI permissions for |
Should be a union of the two maintainer sets IMHO. |
|
My 2c:
A minimal list of people: just enough to avoid bus factor issues.
I sympathize with the implicit wish for more maintainer resources... but I don't think people should be given permissions to do something that they are not actually planning to do: that just increases attack surface without benefits. I do support nudging all python-tuf and in-toto maintainers to make an active decision: are they willing to be securesystemslib maintainers or not? this could be a yearly check as well. My response the question: I suppose that makes sense, I can be a maintainer here. |
|
Datadog uses and contributes to it enough that we are also willing to be maintainers. |
|
I currently don't have PyPI permissions but I do have GitHub permissions. I'd like to retain the latter for some issues but I don't have the bandwidth to chime in on every PR. I'm also open to giving those up and subscribing to relevant PRs / issues directly. On that point, if there are others who feel similarly, I wonder if we can link this repo to a channel on the CNCF slack so we can stay notified about new PRs and issues without getting all the GitHub notifications, and then subscribe to the specific threads that matter. |
Description of issue or feature request:
From my understanding
securesystemslibis maintained byin-totoandpython-tufmaintainers. This is not clear to the public.Current behavior:
Unclear who maintains
securesystemslib.Expected behavior:
securesystemslibcc @JustinCappos, @SantiagoTorres, @adityasaky, @awwad, @jku, @joshuagl, @mnm678, @trishankatdatadog
The text was updated successfully, but these errors were encountered: