Changing default "organization member" permissions to "None", giving "core-devs" admin on all public repos

[ryan-williams]

The @zarr-developers/steering-council is interested in using GitHub to store and collaborate on private documents (e.g. contracts and legal documents related to our CZI funding).

The best way to get the access topology we want appears to involve:

• create @zarr-developers/core-devs team, including all organization members, for easy restoration of "admin" permissions to repos
• give @zarr-developers/core-devs "admin" permissions on all public repos (notebook)
• set "base member privileges" in the zarr-developers organization to "None"
  • (org members are all in core-devs, and thus retain admin permissions on all public repos)

This set of steps shouldn't change anyones' access to repositories under zarr-developers.

The main downside seems to be that, going forward, new-repo creators will need to give "admin" rights to the core-devs team. Consensus on @zarr-developers/steering-council is that that's worth the streamlining of our processes. I also believe this is an established pattern for leveraging GH Teams for access-control.

I plan to complete the final step above tomorrow. If some assumption is wrong and it does change anyones' access in an undesired way, we can always revert. Comments welcome!

[alimanfoo]

OK by me.

[ryan-williams]

I finally did this. Please holler if something seems off.

[jakirkham]

Thanks Ryan! 😄

[joshmoore]

Note: this got a pretty big overhaul via #17 in preparation for the implementation council.