| 19 Feb 2026 |
 emily | at least not that I've ever seen | 17:23:52 |
| emily | (it couldn't do it via direct push anyway since we don't allow those) | 17:24:09 |
 toonn | It claims to though. | 17:24:18 |
| toonn | Or at least RFC 39 says it should : ) | 17:24:28 |
| emily | I don't see that in the text. it just says that handles should be updated in general, not that a bot should do it | 17:26:28 |
| toonn | Looks like it was aspirational "Somewhat half-hearted attempt at checking all the handles and IDs, but it doesn't really work right now." | 17:28:23 |
| toonn | For an action to add members to the organization (since that's a requisite for team membership) or a team it'd need a token from an app with the "members: write" permission. I assume the app would be an empty shell to carry the token with the permission. Then the action can do API requests using the token, parse the maintainers list, get nixpkgs-maintainers membership through the API and | 17:33:20 |
| toonn | invite missing maintainers to the org/team using another API request. | 17:33:27 |
| emily | the app for CI already exists and has write access to Nixpkgs (so there would be no further exposure than we already have) | 17:36:47 |
| toonn | I'm not sure why you insist on the Nixpkgs write access. Repository access is not enough, "members: write" is an organization level permission. | 17:39:39 |
