Write an audit log

Open jbergstroem opened this issue 8 years ago • 4 comments

Write a log of all commits, opening/closing PRs, etc. so we can track whether malicious commits or force pushes were made in case of an incident.

jbergstroem, Apr 04 '16 20:04

👍 This is something I was really pondering. Also, public visibility? I would lean towards yes, but I guess it depends on what is logged. For an example, see the thoughts here: https://github.com/nodejs/inclusivity/issues/85#issuecomment-204236281

williamkapke, Apr 04 '16 20:04

I agree with public visibility when we've had the chance to look at output ourselves. This would involve things like changes to memberships too. We likely need to look at all data and draw a line.

jbergstroem, May 10 '16 10:05

As for making this persistent, I guess the choice lies with the person that opens the PR, but personally I'd be keen on using Postgres over stuff like MongoDB.

jbergstroem, May 10 '16 10:05

+1 for Postgres. Worth mentioning, I think the most important thing is how easy and well suited the DB is for querying for insights later, not necessarily if it's easy to insert data.

phillipj, May 10 '16 19:05
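
Added example, not part of the thread and not code from the github-bot project: one way to turn GitHub webhook deliveries (pushes, PR open/close, team membership changes) into flat audit rows that are easy to query later, with force pushes flagged from the push payload's `forced` field. The record shape, function names and sample deliveries are assumptions constructed for illustration.

```javascript
// Added example. Payload fields follow GitHub's webhook events; the record
// shape and function names are assumptions, not the github-bot project's code.
function toAuditRecord(event, payload, receivedAt) {
  const rec = {
    received_at: receivedAt,
    actor: payload.sender ? payload.sender.login : null,
    repo: payload.repository ? payload.repository.full_name : null,
    kind: null, ref: null, detail: {},
  };
  if (event === 'push') {
    // `forced` is true when the push rewrote history on the ref
    rec.kind = payload.forced ? 'force_push' : 'push';
    rec.ref = payload.ref;
    rec.detail = { before: payload.before, after: payload.after,
                   commits: (payload.commits || []).map((c) => c.id) };
  } else if (event === 'pull_request' &&
             ['opened', 'closed', 'reopened'].includes(payload.action)) {
    const merged = payload.action === 'closed' && payload.pull_request.merged;
    rec.kind = merged ? 'pr_merged' : `pr_${payload.action}`;
    rec.detail = { number: payload.number };
  } else if (event === 'membership') {
    rec.kind = `member_${payload.action}`;
    rec.detail = { member: payload.member.login, team: payload.team.name };
  } else {
    return null; // outside the audit scope discussed in the thread
  }
  return rec;
}

// Incident query: history rewrites on one ref, oldest first
function forcePushesOn(log, repo, ref) {
  return log.filter((r) => r.kind === 'force_push' && r.repo === repo && r.ref === ref)
            .sort((a, b) => a.received_at.localeCompare(b.received_at));
}

// Constructed sample deliveries (not real data)
const repository = { full_name: 'example-org/example-repo' };
const deliveries = [
  ['push', { ref: 'refs/heads/master', before: 'aaa111', after: 'bbb222', forced: false,
             commits: [{ id: 'bbb222' }], sender: { login: 'alice' }, repository }, '2016-05-10T10:00:00Z'],
  ['pull_request', { action: 'closed', number: 7, pull_request: { merged: true },
                     sender: { login: 'bob' }, repository }, '2016-05-10T11:00:00Z'],
  ['push', { ref: 'refs/heads/master', before: 'bbb222', after: 'ccc333', forced: true,
             commits: [], sender: { login: 'mallory' }, repository }, '2016-05-10T12:00:00Z'],
  ['membership', { action: 'added', member: { login: 'mallory' }, team: { name: 'bots' },
                   sender: { login: 'carol' } }, '2016-05-10T09:00:00Z'],
  ['watch', { action: 'started', sender: { login: 'dave' }, repository }, '2016-05-10T13:00:00Z'],
];
const auditLog = deliveries.map(([e, p, t]) => toAuditRecord(e, p, t)).filter(Boolean);
```

Each row keeps `before` and `after` for pushes, so a flagged force push records which commit was replaced; the flat columns (`kind`, `actor`, `repo`, `ref`, `received_at`) map directly onto a relational table.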