Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  1. How does a developer request access to Bahmni code?

  2. Which “team” do they get added to?

  3. Who can “raise” a PR to Bahmni code? Do they need repo access? Is raising a PR optional?

  4. Who has “commit” rights to Bahmni organisation repos? What is the process for getting direct commit access to Bahmni code?

  5. How often is the access rights of developers reviewed, to ensure people who are no longer “associated” with Bahmni are not continuing to have access?

  6. How do we ensure malicious code does NOT make it into Bahmni code / builds / images?

    1. Answer: Enable Branch Protection and ensure every code commit has one Approver from core team. See this Jira issue:

      Jira Legacy
      serverSystem JIRA
      serverId32584f0f-f83d-3b0b-b91f-826465c6b0b8
      keyBAH-3097
      )

  7. How do we secure API keys / sensitive passwords which are needed to access AWS or other external services during the build process? (need a different wiki page for this?)