Hello @jkakar, @geemus, @brandur, @djcp, @mathias, @schneems, @beanieboi. I hope this issue finds you well.
I'm reviewing owner access on the gem and wanting to tighten things up. You are the current RubyGems owners. While this repo was conceived at Heroku, and I think Heroku is probably the largest consumer, it's in a different org and is operated like an OSS project. I don't think someone HAS to work at Heroku to contribute or own this; however, it's how I got my access, and mostly that's how it's been run.
I want to reduce the RubyGems owners to @mathias and me. If you want to get access back, you're all still in good standing. You can reach me via commenting below, but I'm also regularly drowning in a sea of GH emails/notifications, so I might not see it come in. Following up on my Mastodon https://ruby.social/@schneems is appreciated and will likely get the fastest response.
Thanks a ton for all your work over the years. This is purely a principle of least privilege (PoLP) strategy to reduce the number of tokens in the wild that have access to release this. I'm also taking other measures, such as requiring MFA for releases.