We can't figure out how to allow devs to collaborate #23543

chase-moskal · 2022-01-30T23:30:50Z

chase-moskal
Jan 30, 2022

we’ve been exhaustively experimenting with github organization roles/permissions settings, to enable our developer community to collaborate, but can’t find a solution.

our repo has a large git lfs data library. for this reason, it’s not feasible to expect devs to fork our repo, because it will soon exceed their free github account lfs data quotas. this means, we need to be able to add them onto an organization team, that allows them to push branches.
we can’t figure out how to enable the members on that team to push branches without being able to overwrite or delete other user’s branches.
we want users to, effectively, have ownership over their own branches, without being able to disturb branches created by other users on the team.
as an open source project, we need to allow hundreds of collaborators onto this team, and we can’t vet them all to ensure they have good intentions. we need to allow them to contribute without doing damage to the work of the other devs.

what settings might we be missing or misunderstanding? is there a valid way to configure this project to securely enable open source collaborations?

Answered by chase-moskal

Jan 31, 2022

we can now consider this issue fixed.

doing more research, we noticed the following information in github documentation

Pushing large files to forks of a repository count against the parent repository’s bandwidth and storage quotas, rather than the quotas of the fork owner.

this discards our misunderstanding, thinking that forking an lfs repo means cloning all its data to that user’s github account. it doesn’t.
🎉 this means the traditional fork-and-pullrequest workflow is viable for volunteer devs to collaborate.

however, as a side-issue, this information is a little concerning: it sounds like anybody can fork any public git lfs repo, and maliciously dump huge amounts of data onto it…

View full answer

chase-moskal · 2022-01-31T03:31:37Z

chase-moskal
Jan 31, 2022
Author

we can now consider this issue fixed.

doing more research, we noticed the following information in github documentation

Pushing large files to forks of a repository count against the parent repository’s bandwidth and storage quotas, rather than the quotas of the fork owner.

this discards our misunderstanding, thinking that forking an lfs repo means cloning all its data to that user’s github account. it doesn’t.
🎉 this means the traditional fork-and-pullrequest workflow is viable for volunteer devs to collaborate.

however, as a side-issue, this information is a little concerning: it sounds like anybody can fork any public git lfs repo, and maliciously dump huge amounts of data onto its lfs storage, until quotas are exceeded, effectively disabling the project. that doesn’t sound too good… i suppose that’s something for github support to work out when such an attack occurs…

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

We can't figure out how to allow devs to collaborate #23543

{{title}}

Replies: 1 comment

{{title}}

Select a reply

GitHub Community

We can't figure out how to allow devs to collaborate #23543

chase-moskal Jan 30, 2022

Replies: 1 comment

chase-moskal Jan 31, 2022 Author

chase-moskal
Jan 30, 2022

chase-moskal
Jan 31, 2022
Author