
GitHub advertises a Billing Manager role, see more here: https://docs.github.com/en/organizations/managing-peoples-access-to-your-org... One of the listed permissions is: "Start, modify, or cancel sponsorships" - is that what is necessary for the thanks.dev management? In the spirit of what William noted, would it be worth trying that out first, and expanding to full admin only if necessary to manage the integration? -M On Wed, May 22, 2024 at 9:47 AM William Woodruff <william@yossarian.net> wrote:
No objections in principle, but as a practical matter: is there a “principle of least authority” option here? In other OSS orgs I’m in we use fine-grained permissions to avoid giving people credentials that they don’t actually require (to reduce an attacker’s ability to pivot on a compromised account), and it’d probably be good to do the same here rather than providing blanket admin rights to all repos.
OTOH this may not be possible from a credential/scoping perspective; not sure how thanks.dev works.
Best, William
Sent from mobile. Please excuse my brevity.
On May 22, 2024, at 3:08 PM, Matthias Bussonnier < bussonniermatthias@gmail.com> wrote:
No objections,
I'm also managing thanks.dev for IPython/Jupyter, do you want me to enable the integration with the PyPA org ? (it only requires read access I believe, and I think I can only send a request to activate the integration, and someone else need to approve).
I'm still a bit confused about how exactly thanks.dev works, the UI is a bit confusing, but my experience is that it is similar to tidelift, except you can forward the funds you receive to other projects – both as a one-time process, or recurrent.
-- Matthias
On Wed, 22 May 2024 at 14:09, Bernat Gabor <gaborjbernat@gmail.com> wrote:
Will PSF act here same way it does currently for tidelift? As in virtualenv could also take advantage to acquire funds, that have been donated?
On Wed, May 22, 2024, 08:03 Pradyun Gedam via PyPA-Committers < pypa-committers@python.org> wrote:
Hi folks!
Phyllis from the PSF reached out about being added as an admin to the pypa organisation to manage the thanks.dev integration that we have for the PyPA where Sentry is donating funds to pip. If there's any concerns with this, please let me know. If no concerns are raised by next week (Friday, 24th), I'll go ahead and do this.
Best, Pradyun
PS: @Phyllis Dobbs <phyllis@python.org> I did send you an invite and redacted it since I think I'll wait for folks to raise concerns before doing this.
_______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: gaborjbernat@gmail.com
_______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: bussonniermatthias@gmail.com
_______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: william@yossarian.net
_______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: miketheman@gmail.com