That requires a lot of infra that isn’t built into _any_ of our tooling.
It’s not so much about decision making as it is about the practical reality that people at that level basically need at least read access to a lot of secrets.
You could say “maybe jazzband can infra its way out of those problems” but that’s a looooot of work! “N out of M consensus on making a GitHub API request to set who is a maintainer” * every single action roadies need to do
It’s not just about bad actors either. Imagine a jazzband roadie getting credentials stolen via some npm-y attack. Obviously this problem exists in the project in the current form but _that problem gets worse just onboarding people_.
> maybe jazzband can infra its way out of those problems
Maybe jazzband can't infra their way out of the problem, but maybe we can create some tools that will help orgs that encounter this problem in future...
... that's the software engineer in me talking. I have no idea how to organize communities, but I may know a thing or two about making software. And when you've got a hammer in your hands, everything starts looking like a nail...