The GitHub wikimedia organization (https://github.com/wikimedia) has 56 owners and 2 bots with the owner role. The owner role grants full privileges over the whole organization, such as deleting any repository, accessing all private repositories, changing billing, etc.
Some owners are neither employees nor contractors of the Wikimedia Foundation. Some are from external entities such as Wikimedia Deutschland. There are at least two volunteers (great); I believe both have an NDA.
The purpose of this task is:
- identify why the owner role was granted and whether it can be changed to a different role with fewer privileges.
- write down a policy as to who can be granted the owner role (similar to https://www.mediawiki.org/wiki/Gerrit/Privilege_policy ?)
The complete list of accounts: https://github.com/orgs/wikimedia/people?query=role%3Aowner
Numbers from a previous audit: T245526: Audit @wikimedia GitHub org access (2020)