[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian github organization ?

On 20/07/15 14:50, Russ Allbery wrote:
Er, you're responding to Ian as if you've never before heard of the
concept of using separate authentication credentials for different
purposes, but this is a very old and respected technique and a standard
security approach.  It's a form of privilege separation and roles?
Consider, for example, having entirely separate work and personal
computing hardware with separate keys.  (I highly recommend anyone who
isn't self-employed do the latter, btw.  It keeps things much simpler,
particularly if you change employers.)

The first post in this thread noted that GitHub permit only a single free account per person, which precludes the use of separate accounts for separate roles (unless paid accounts are purchased, as was also noted earlier). My remarks are in this context.

The problem with per-role accounts is the loss of connection and reputation on loss of account. The growth of social media and social coding is changing the workplace. No longer is a role associated with a job. Rather, reputation and authority follow individuals. This is a shock to corporate culture, who are just going to have to suck it up and adapt. The world has changed. Consider the growth of Bring Your Own Device. Do you also discard your Google, StackExchange, and LinkedIn profiles when you change jobs? I think not. GitHub is no different. The downside for workers is the blurring of the boundary between work and private life, and the need for careful identity and professional reputation management. The adaptation for business is access control that is not based on the business owning the identity of an employee.

In any case, I think it would be great to have one or more Debian organizations on GitHub. A decent technology that can ease collaborative development by building maintainer teams. I acknowledge the identity management and security concerns raised on this list as valid, but they need not prevent use of GitHub organizations.

Kind regards,

Ben Caradoc-Davies <ben@transient.nz>
Transient Software Limited <http://transient.nz/>
New Zealand

Reply to: