- Issue created by @cmlara
Part of 🌱 [META] Increase Security of Project Ownership Transfer Process Active . This may belong on D.O. Customization however opening here first as its subject related.
Currently many stages in the project ownership process depend upon human trust (applicant asserts they took an action but no proof they did) and is subject to human error (failure to validate an applicant meets the requirements, failure to send notifications, etc)
As such we should automate the majority of the process to remove humans from the steps that can be automated and use them solely for human review.
Applicants should visit a page on D.O. where they are prompted for the module they wish to adopt and at what level (Owner/maintainer/co-maintainer).
The page should:
Validate the user meets the required gates.
Create an issue in the Issue Queue
Email the relevant project owners/mainatiners a link to allow them to accept/deny the request along with the issue thread so they may review and publicly comment.
If the required level of maintainer does not respond D.O. should:
Re-run the user gates to be sure the user is still eligible.
Move the existing issue to the Project Ownership queue with a note that the project maintainers have not responded.
Await for a project ownership queue maintainer to review the issue and approve/deny.
Upon approval by a Project Ownership queue admin (or the module maintainers) D.O. should (again) re-run user gaits and programmatically add the access rights for the applicant (to avoid human error and to reduce the number of accounts that have rights to change user permissions).
Active
3.0
Code