docs/Homebrew-Governance: import changes.

These are changes that were made in the private repository mirror
and either voted on by members already (where they were changes) or
were agreed clarifications on existing policy.
Mike McQuaid 2024-01-09 10:16:57 +00:00
parent bed8ccc5d3
commit 1ed083f607
No known key found for this signature in database
GPG Key ID: 3338A31AFDB1D829


@ -7,6 +7,10 @@
- AGM: Annual General Meeting
- An ordinary resolution requires a majority of the votes cast.
- A special resolution requires a two-thirds supermajority of the votes cast.
- Primary repositories: the three highest-traffic, security-critical repositories in the Homebrew project:
- [Homebrew/brew](https://github.com/Homebrew/brew) ([contributions](https://github.com/Homebrew/brew/graphs/contributors)),
- [Homebrew/homebrew-core](https://github.com/Homebrew/homebrew-core) ([contributions](https://github.com/Homebrew/homebrew-core/graphs/contributors)),
- [Homebrew/homebrew-cask](https://github.com/Homebrew/homebrew-cask) ([contributions](https://github.com/Homebrew/homebrew-cask/graphs/contributors))
## 2. Members
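Review bot: The "Primary repositories" definition attaches a contributors-graph link to each repository but never says that these graphs are how "contributions" are counted, and the maintainer criterion later in this patch drops its own links in favour of "contributions to primary repositories". Suggest adding one sentence to the definition stating that the linked graphs are the measure, so the yearly write-access review has a stated basis.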
@ -14,7 +18,7 @@
2. Members may vote in all general elections and resolutions, hold office for Homebrew, and participate in all other membership functions.
3. Members are expected to remain active within Homebrew, and are required to affirm their continued interest in Homebrew membership annually.
3. Members are expected to remain active within Homebrew. Members who are not active maintainers or active committee members are required to affirm their continued interest in Homebrew membership annually by voting on annual measures, even if voting abstention. Inactive, unaffirmed, non-voting members will be removed within 14 days after the annual meeting unless excused by the PLC.
4. A member may be removed from Homebrew by an ordinary resolution of the PLC. A removed member may be reinstated by the usual admission process.
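Review bot: In the reworded item 3, "active maintainers or active committee members" decides who is exempt from the annual affirmation, but "active" is not defined here, so the set of members who can be removed for not voting is open to interpretation. Suggest pointing to the maintainer criteria or stating the test inline. Also, "even if voting abstention" should read "even by abstaining", and "annual meeting" should use the defined term "AGM".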
@ -122,27 +126,37 @@
1. All maintainers are automatically members. Some, not all, members are maintainers.
2. Maintainers are members with commit/write-access to at least one of: Homebrew/brew, Homebrew/homebrew-core, Homebrew/homebrew-cask.
2. Maintainers are members with commit/write-access to at least one primary repository.
3. New maintainers can be nominated by any existing maintainer. To become a maintainer, a nomination requires approval from one of the PL or any member of the TSC with no opposition from any these people within a 24 hour period excluding 19:00 UTC on Friday until 19:00 UTC on the following Monday. If there is opposition, the TSC must vote on the nomination in the #tsc private Slack channel, with the vote closing after a week or when a majority of the TSC has voted. The nomination will succeed by simple majority vote of the votes cast.
3. New maintainers can be nominated by any existing maintainer. To become a maintainer, a nomination requires approval from one of the PL or any member of the TSC with no opposition from any of these people within a 24-hour period, excluding 19:00 UTC on Friday until 19:00 UTC on the following Monday. If there is opposition, the TSC must vote on the nomination in the #tsc private Slack channel, with the vote closing after one week or after the outcome of the vote would not be changed by any subsequent votes (such as when a majority of the TSC has voted in favor or against). The nomination will succeed by a simple majority vote of the votes cast.
4. The Homebrew organization endeavors to operate under the principle of least privilege. In accordance with this, maintainers' write/commit access will be reviewed yearly by the Project Leader before the AGM and removed from those who have not been consistently doing all of:
4. In accordance with Homebrew's organizational security posture, which requires operating under the principle of least privilege, the PL will review maintainers' write/commit access no later than six weeks before the AGM. The PL will remove maintainer privileges from those who have not consistently met these criteria:
- having more [contributions to Homebrew/brew](https://github.com/Homebrew/brew/graphs/contributors), [Homebrew/homebrew-core](https://github.com/Homebrew/homebrew-core/graphs/contributors) and/or [Homebrew/homebrew-cask](https://github.com/Homebrew/homebrew-cask/graphs/contributors) than the majority of non-maintainer contributors in at least one of these repositories
- performing timely reviews and merges of PRs of other maintainers and contributors (rather than just merging their own PRs) in Homebrew/brew, Homebrew/homebrew-core and/or Homebrew/homebrew-cask
- performing timely reviews to direct GitHub review requests or GitHub reviews for any subteams they are part of (e.g. Homebrew/linux) in any repository in the Homebrew organisation
- being responsive to direct mentions on GitHub and direct mentions in Slack from the Project Leader and other maintainers
- maintaining a positive working relationship with the PL and other maintainers.
- having more contributions to primary repositories than the majority of non-maintainer contributors in at least one of these repositories
- reviewing and merging of PRs of other maintainers and contributors in primary repositories
- the PL will exclude from consideration non-essential pull requests submitted and merged by the same person
- reviewing any direct GitHub review requests or GitHub reviews for any subteams they are part of (e.g. Homebrew/linux) in any repository in the Homebrew organisation
- responding to direct mentions on GitHub and direct mentions in Slack from the PL and other maintainers
- maintaining a positive working relationship with the PL and other maintainers
- engaging actively to resolve conflict with the PL or other maintainers, with a neutral intermediary upon request
If a maintainer does not fulfill these requirements they will be asked to step down as a maintainer but can remain as a member.
Maintainers who do not fulfill these requirements will be removed as a maintainer but may remain a member if they wish.
The following will not be factored into the decision as, despite being appreciated, they do not require commit/write access:
The PL will not consider the following activities because they do not require commit or write access on security-critical repositories:
- contributions to the wider Homebrew organisation, repositories (other than the 3 above) or ecosystem
- contributions to the wider Homebrew organisation, repositories excluding the main, security-critical repositories, or the greater Homebrew ecosystem
- contributions in previous years as a maintainer or contributor
- contributions to the governance documents, the PLC, GSoC, MLH, social media, Homebrew's discussion forum, etc.
If a maintainer believes their removal is unwarranted, they can request a TSC vote (to be completed before the AGM) on whether to block their removal as a maintainer. Through requesting this vote they implicitly state that they plan on addressing any missing criteria above. If the TSC (or Project Leader) feels there has been insufficient progress on the criteria above for any blocked removal, they can re-request a TSC vote. A vote can also be requested by the TSC (or Project Leader) for noticeable uncommunicated/unplanned inactivity or unresponsiveness. These votes can occur once a quarter per-maintainer until the next AGM. These votes can start one quarter after the 2023 AGM.
If a maintainer wishes to appeal their removal, they may request a TSC review of the decision. This appeal must be lodged within 72 hours of removal.
The appellant will confirm their intent to address any unfulfilled criteria which caused the removal.
The TSC will review the decision within one week.
A member of the TSC, who is not the PL, will respond immediately upon upholding or reversing the decision.
The PL will restore access as soon as is feasible if the TSC votes to reverse the removal.
If the TSC or PL feels that the maintainer has not made sufficient progress on the criteria for any reversed removal,
they may request a second TSC review no sooner than 30 days after the initial reversal.
The TSC or PL may request a review in the event of noticeable uncommunicated inactivity or unresponsiveness.
The TSC will consider appeals no more than once per quarter per maintainer until the next AGM.
The TSC will not consider any maintainer removal review until three months after the 2023 AGM.
In emergency situations, including but not limited to malicious commits, suspicious activity, abuse of resources, or any action or activity that could harm the security posture of the Homebrew codebase, systems, or organisation, the PL or anyone with the capability to remove privileges may remove a maintainer's privileges. Upon doing so, they must inform the PLC and the TSC. The PLC will review the impact of the situation for further action. The TSC will review the removal of any maintainer removed under this clause within two weeks and instruct the PL to restore the maintainer's privileges only if the situation is resolved. The TSC will document the situation in an incident report to be shared with members and recommend changes to security settings or this governance document to prevent the situation from occurring again.
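Review bot: The emergency-removal paragraph at the end of this hunk says whoever removes a maintainer's privileges "must inform the PLC and the TSC" but sets no deadline, while the TSC review that follows has one (two weeks), so a late notification eats into the review window. Suggest bounding the notification (the figure is for the project to choose) and stating who decides that "the situation is resolved" before privileges are restored. Separately, the excluded-activities bullet says "the main, security-critical repositories" where the rest of the patch uses the newly defined "primary repositories"; use the defined term there too.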