Project Administration

This section documents all the information necessary to administer the infrastructure which makes the project possible.


SSL certificates for all HTTPS-enabled domains are retrieved via Let’s Encrypt, so that data does not represent an explicitly-managed secret.

Third-party account owners

Emergency playbook

Lock down write access to the repo

Recommended but not yet verified approach: Create a new branch protection rule that applies to * (i.e. all branches), and check “Restrict who can push to matching branches”. This should prevent everyone except those with the “Maintain” role (currently only the GitHub admins listed above) from pushing to any branch. To lift the limit, delete this branch protection rule.

Alternative approach proven to work in #21424: Go to manage access, and change the permission of “reviewers” to “Read”. To lift the limit, change it back to “Write”. This has the known downside of resubscribing all reviewers to repo notifications.