Guidelines and Procedures

Indiana University encourages and supports the establishment and publishing of open source code repositories under the following conditions and guidelines:

Procedures for Publishing Open Source

Archiving an Open Source Repository

It is expected that some projects which are published as open source will eventually become abandoned or no longer relevant. In these cases, it is in the best interest of Indiana University to remove these from the public GitHub. Requests for archival should go through opensource@iu.edu and can proceed in one of two ways:

  1. Request that the repository be archived in GitHub.
  2. Request that the repository be deleted in GitHub. This is destructive and cannot be undone!

Responding to Security or Data Breach

While it is the responsibility of everyone participating in an open source project to ensure no secrets or non-public information makes its way into a repository by accident, accidents do happen. If you suspect or know of the existence of sensitive data in a public open source repository, notify it-incident@iu.edu and opensource@iu.edu immediately so that appropriate action may be taken. The open source administrators will immediately transfer your repository to a private repository so that it can be quarantined for further analysis without risking additional exposure. They will then contact you for further details on how to proceed.

Remember, simply deleting an offending file from a git repository will not delete its history!

Please follow these same procedures if you suspect that someone has gained unauthorized commit access to your repository.
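The reminder above, that deleting a file does not delete its history, can be confirmed in a throwaway repository. The following shell script is an added example, not part of the university's procedures; the file name settings.env, the helper function names and the placeholder secret are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: the "secret" below is a placeholder, not a real credential.
FAKE_SECRET='EXAMPLE_API_KEY=constructed-placeholder-0000'

# git with a throwaway identity so the demo does not depend on local config.
g() {
  git -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false "$@"
}

# Create a temp repo, commit a file holding the placeholder, then delete the
# file in a second commit. Prints the repo path.
make_demo_repo() {
  repo=$(mktemp -d) || return 1
  g -C "$repo" init -q || return 1
  printf '%s\n' "$FAKE_SECRET" > "$repo/settings.env"
  g -C "$repo" add settings.env &&
  g -C "$repo" commit -q -m 'add settings' &&
  g -C "$repo" rm -q settings.env &&
  g -C "$repo" commit -q -m 'remove settings file' || return 1
  printf '%s\n' "$repo"
}

# Succeeds if the string is present in the checked-out files.
in_worktree() { grep -rqF --exclude-dir=.git -- "$2" "$1"; }

# Prints every commit, on any ref, whose tree still contains the string.
commits_containing() {
  for c in $(g -C "$1" rev-list --all); do
    if g -C "$1" grep -qF -e "$2" "$c"; then printf '%s\n' "$c"; fi
  done
  return 0
}

demo() {
  repo=$(make_demo_repo) || return 1
  if in_worktree "$repo" "$FAKE_SECRET"; then
    echo "working tree: string present"
  else
    echo "working tree: string gone"
  fi
  echo "commits that still contain it:"
  commits_containing "$repo" "$FAKE_SECRET"
  rm -rf "$repo"
}
demo
```

Any commit listed by commits_containing still carries the value for anyone who clones or has already cloned the repository, even though the current checkout looks clean.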

Administration

Proper administration of organizations in GitHub.com that contain open source repositories is critical to ensuring security of the code contained therein and controlling the university’s risk. This document is intended for the IU Open Source Administrators who are responsible for maintaining the indiana-university organization as well as those who have a need to administer their own GitHub.com organization that contains open source repositories.

Organization Administration Guidelines

The administrators of a GitHub.com organization used for publishing open source repositories are responsible for the following:

IU Open Source Administrators

A small cross-UITS group will be established with the following responsibilities:

The indiana-university organization in GitHub will be configured as follows: