Does anyone have a good set of best practices for configuring a Github organization and repositories?  I can find 100's of docs on how to USE git and Github well, but not the kind of practices like setting your repositories to only allow merge after a separate approver (not the requestor) has approved the pull request, setting a security policy, things like that.  We've found several items, but a curated checklist would be fantastic.