Proposal

samvera, samvera-labs, and samvera-deprecated github organizations will have a set list of members with the "Owner” organizational membership role granting them the ability to add members:

• Board Chair

• Community Manager

• Technical Coordinator

• Product Owners for Hyku, Hyrax, Avalon, and Valkyrie

• Technical Leads for Hyku, Hyrax, Avalon, and Valkyrie

Other active members will be assigned to the Samvera-Contributors team which will be granted the "All-repository write" organization role.
Inactive members will be moved to a new Samvera-Emerita team which will not have an organization role assigned.
The existing "admins", "contributors", and "emerita" teams will be removed.  Ad hoc teams and per-repository roles can still be assigned as needed.
Require secure two-factor authentication (authenticator apps, passkeys, security keys, or the GitHub mobile app) for all members at the Samvera github organization level.

Core Components in rubygems will have owners removed except for a Samvera service rubygems account.  A gem publishing github action will be setup using rubygem's "trusted publisher" feature.  This workflow will be triggered when version tags are pushed and will require the approval within github of one of the tech leads (as part of a core publishing team) or users added by the tech lead to a publishing github team specific to that gem. 

Steps towards implementation

• Discussed on https://samvera.atlassian.net/wiki/x/AYD90

• Created tickets for tracking changes:

  • Change Github roles and permissions · Issue #173 · samvera/maintenance

  • Setup rubygems trusted publisher workflow for core component gems · Issue #174 · samvera/maintenance

• Discussed on https://samvera.atlassian.net/wiki/x/AYBu0w

Email to send to Samvera-tech email list

Greetings current or past Samvera contributor,

The Samvera GitHub Processes and Permissions Working Group is in the process of refining user permissions within the Samvera GitHub organization. Our goal is to have a small core group of active community and technical leaders with expanded permissions to handle membership management, while the rest of the Samvera community retains standard repository level permissions. As such, your effective permissions within the Samvera, Samvera-Deprecated and Samvera-Labs GitHub organizations may change. More details are available in the Samvera Wiki. If you feel you will not have sufficient permissions to continue your work, please reach out to the working group on Slack in the #github-processes-and-permissions-wg channel. We expect to make these changes on Jan 27, 2026.

We are also working on implementing trusted publishing of Samvera Ruby gems via GitHub Actions with the goal of reducing the number of owners associated with each gem, and to provide provenance for the built gems. This will be implemented gradually at a later date as time allows.

Daniel Pierce & Chris Colvard

Samvera GitHub Processes and Permissions Working Group

Email to send to individual committers