Lock down multicodec table.csv until there is governance for it

[darobin]

Summary

At the 2022-11-10 IPFS Implementers Sync, the decision was made to lock the multicodec table.csv until we design some governance for it.

This change removes push access from the Go and JS Teams.

Why do you need this?

We are working towards standardising multi* and that includes standardising a registry from that table. We need to avoid the proliferation of registrations, and ideally carry out some amount of cleanup, and build up governance for it. The first step is to lock it down. Admins can still make changes if absolutely necessary.

What else do we need to know?

This is my first change here, so it may be wrong, and I am new to the community which means I may be committing a woefully inappropriate faux-pas. #YOLO

DRI: myself

Reviewer's Checklist

• It is clear where the request is coming from (if unsure, ask)
• All the automated checks passed
• The YAML changes reflect the summary of the request
• The Terraform plan posted as a comment reflects the summary of the request

[github-actions]

Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.

Terraform plans

multiformats

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # github_team_repository.this["Go Team:multicodec"] will be destroyed
  # (because key ["Go Team:multicodec"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"7feef9aadcb96926e4495165a8b5c77942401decee1a1322977c222f096de2c0\"" -> null
      - id         = "2210603:multicodec" -> null
      - permission = "push" -> null
      - repository = "multicodec" -> null
      - team_id    = "2210603" -> null
    }

  # github_team_repository.this["JavaScript Team:multicodec"] will be destroyed
  # (because key ["JavaScript Team:multicodec"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"7feef9aadcb96926e4495165a8b5c77942401decee1a1322977c222f096de2c0\"" -> null
      - id         = "2123131:multicodec" -> null
      - permission = "push" -> null
      - repository = "multicodec" -> null
      - team_id    = "2123131" -> null
    }

Plan: 0 to add, 0 to change, 2 to destroy.

[rvagg]

yeah, this is pretty minimal, admin+stewards is already an overly-broad group so this isn't even locking down much, and tbh it's not really going to change how the repo has been managed for the last couple of years.

[vmx]

It's good to see that the discussion about governance is starting, it's something that I wanted to see for years.

[galargh]

FYI, only members of github-mgmt stewards team can merge the PRs in this repo. Since there are 2 approves here already, I'm going to do it.

[darobin]

On 22/11/2022 00:05, Rod Vagg wrote: yeah, this is pretty minimal, admin+stewards is already an overly-broad group so this isn't even locking down much, and tbh it's not really going to change how the repo has been managed for the last couple of years.

Yeah — I tried to think about better options. I don't know the space well enough to trim down admin+stewards myself just yet. One alternative is to lock this down to just one person or to a small list, and possibly also add a mention in the readme that the table is frozen for now. The repo doesn't get updated that frequently, so it's manageable.

…

-- Robin Berjon Governance & Standards at Protocol Labs https://berjon.com/

[willscott]

this seems like not the actually intended behavior and i'd like to limit this to protection of the main branch.

Push access means i can't directly make a PR to start a discussion. I don't think that's the intention and what you want for now is more limited approval for actually merging things.

It isn't sustainable to say we won't allow discussion / include any updated protocols for months at a time - the alternative is that people will continue allocating codecs that make sense without contributing them or having the discussion here.

[rvagg]

@galargh could you help us with the settings to just protect merges into the main branch for now, then it's not so important who has branch access? I guess something similar to what's going on in go-car now might be appropriate and it looks like we have a bunch of settings to enable here to make that happen.

Alternatively, give me some pointers and I'll put up a PR.

[galargh]

I just enabled a more fine-grained configuration of branch protection rules in this repo.

Here's the current config for master protection of multicodecs:

github-mgmt/github/multiformats.yml

Lines 1055 to 1070 in c677062

	master:
	allows_deletions: false
	allows_force_pushes: false
	enforce_admins: true
	require_conversation_resolution: false
	require_signed_commits: false
	required_linear_history: false
	required_pull_request_reviews:
	dismiss_stale_reviews: false
	require_code_owner_reviews: false
	required_approving_review_count: 1
	restrict_dismissals: false
	required_status_checks:
	contexts:
	- validate
	strict: true

Now you can modify them through a PR 🎉

[willscott]

Please also add back the Contributors group at least to be able to write to the repo

[rvagg]

I think #67 gets us to where we want to be