When a dev needs to be added to a GitHub team, we need that request to come from a known party, e.g. another dev or a PO, who can vouch for them. It is difficult/impossible to vet these requests independently.
Can we just announce this as a policy at the Tech Leads meeting tomorrow? Probably we need a “guideline” document at dev.folio.org or a page on the wiki. Alternatively, since this feels like a security policy, should the security team own this, vet this, be responsible for announcing and documenting this, etc.? Whomever the owner, there is a strong desire from DevOps to keep the policy really simple.
Our thoughts are:
Seems reasonable to ask POs or Tech Lead to approve the addition
Is this a Security issue or a Tech Council (process) issue?