Re: debian github organization ?

To: Russ Allbery <rra@debian.org>, debian-devel@lists.debian.org
Subject: Re: debian github organization ?
From: Ben Caradoc-Davies <ben@transient.nz>
Date: Mon, 20 Jul 2015 15:25:42 +1200
Message-id: <[🔎] 55AC6A36.1040408@transient.nz>
In-reply-to: <[🔎] 87si8jbkzy.fsf@hope.eyrie.org>
References: <CAJxTCxxwibge546jAWP3TOKtd2NHCJHSTG_G8qK1CwAVncrURA@mail.gmail.com> <[🔎] 87lheciif3.fsf@mid.deneb.enyo.de> <[🔎] CACujMDN1j8M+jsHPQw1Yza=CUaFprsghnac1qnCiHT0Kq6jR7A@mail.gmail.com> <[🔎] 87si8kfkgs.fsf@mid.deneb.enyo.de> <[🔎] 55AB9670.7020008@transient.nz> <[🔎] 21932.15961.964701.620525@chiark.greenend.org.uk> <[🔎] 55AC4DB4.4010801@transient.nz> <[🔎] 87si8jbkzy.fsf@hope.eyrie.org>

On 20/07/15 14:50, Russ Allbery wrote:

Er, you're responding to Ian as if you've never before heard of the
concept of using separate authentication credentials for different
purposes, but this is a very old and respected technique and a standard
security approach.  It's a form of privilege separation and roles?
Consider, for example, having entirely separate work and personal
computing hardware with separate keys.  (I highly recommend anyone who
isn't self-employed do the latter, btw.  It keeps things much simpler,
particularly if you change employers.)

The first post in this thread noted that GitHub permit only a singlefree account per person, which precludes the use of separate accountsfor separate roles (unless paid accounts are purchased, as was alsonoted earlier). My remarks are in this context.

The problem with per-role accounts is the loss of connection andreputation on loss of account. The growth of social media and socialcoding is changing the workplace. No longer is a role associated with ajob. Rather, reputation and authority follow individuals. This is ashock to corporate culture, who are just going to have to suck it up andadapt. The world has changed. Consider the growth of Bring Your OwnDevice. Do you also discard your Google, StackExchange, and LinkedInprofiles when you change jobs? I think not. GitHub is no different. Thedownside for workers is the blurring of the boundary between work andprivate life, and the need for careful identity and professionalreputation management. The adaptation for business is access controlthat is not based on the business owning the identity of an employee.

In any case, I think it would be great to have one or more Debianorganizations on GitHub. A decent technology that can ease collaborativedevelopment by building maintainer teams. I acknowledge the identitymanagement and security concerns raised on this list as valid, but theyneed not prevent use of GitHub organizations.


Kind regards,

--
Ben Caradoc-Davies <ben@transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand

Reply to:

Follow-Ups:
- Re: debian github organization ?
  - From: Russ Allbery <rra@debian.org>

References:
- Re: debian github organization ?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: debian github organization ?
  - From: Andrew Shadura <andrew@shadura.me>
- Re: debian github organization ?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: debian github organization ?
  - From: Ben Caradoc-Davies <ben@transient.nz>
- Re: debian github organization ?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: debian github organization ?
  - From: Ben Caradoc-Davies <ben@transient.nz>
- Re: debian github organization ?
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: debian github organization ?
Next by Date: Re: debian github organization ?
Previous by thread: Re: debian github organization ?
Next by thread: Re: debian github organization ?
Index(es):
- Date
- Thread