I did a round of housecleaning in the “committers” team in the Scala organization on GitHub and removed about half of the members — folks who haven’t been actively involved, within the last year or so, in work requiring write access to scala/* repos.
We still like and trust y’all. It’s just a bit of a security risk to leave your committer bit set indefinitely. Happy to add you back on request if the access would be actively useful to you.
I can tell, there should not be so much more committers here.
Each commit should be submit as PR, the core team should review and decide allow or reject the PR.
Directly commit code into git repository is so dangerous.
I agree. In practice, that is in fact how we operate in the scala/scala repo itself. All changes happen through PRs, not through direct pushes. And nobody gets the commit bit until they’ve been around and participating long enough that we’re confident that they’re not going to use it to prematurely merge controversial, risky, and/or insufficiently reviewed PRs.
(Other repos under scala/* may be a bit looser, but regardless, the core team is keeping an eye on things and making sure that things stay within reasonable bounds.)
Note also that the commit bit is useful for other things besides merging PRs — e.g., to close issues, assign milestones, and so forth.
(GitHub offers a “triage” permissions level, but they only added that relatively recently.)