admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Homebrew-Governance: import merged PRs from homebrew-governance-private

Browse Source 
These PRs were all approved by the majority of the PLC and the majority
of them approved by the majority of the TSC. They are being put here for
a members vote, ideally before the AGM.

- Replace some "Owners" with "billing managers" and "moderators"
  - Now that GitHub has more granular roles available such as "billing
    managers" and "moderators": let's tighten up our security posture by
    only have 3 folks who need to be "Owners" rather than 10.
- Max two PLC terms
  - We discussed this one year terms last year but this seems a better
    solution. Given we refresh maintainers, TSC and the Project Leader
    yearly: this seems more consistent, responsive and fair. Note this
    would only apply to candidates for the PLC from 2024.
- Tweak nomination rules
  - Do not require any nomination: any member can run for the PLC. This
    simplifies the procedure: no nomination vote has to be done inside
    the old PLC. Members do not need to go and find someone to sponsor
    them. Just apply and let the vote begin. Ask to write down the
    intentions and keep a candidate list by using a Slack channel, to
    keep track of everything
- Mandate that the PLC report their activities
  - Mandating that the PLC report back their actions throughout the
    year. The wording here is intentionally strong - I feel it is very
    important for the health of the PLC and the membership for this to
    be stuck to.
- Don't need financial statements, have OpenCollective
  - Now that we have an open, publicly readable ledger of all our
    financial transactions: there does not seem to be any need to
    continue to have the PLC re-publish reports of our finances
    (which were hidden to all but the PLC in our SFC days).
- Make maintainer removal more explicit.
  - Improve this guidelines to provide more evidence for why, what and
    how this process occurs
  - Allow maintainers to appeal the decision of the project leader
  - Allow the project leader to re-request this vote if no progress is
    made
- Clarifies maintainer nomination process language/formatting
This commit is contained in:
Mike McQuaid 2023-02-02 17:15:28 +00:00
parent cdc6a4f11f
commit 7d4c18bb50
No known key found for this signature in database
GPG Key ID: 3338A31AFDB1D829
1 changed files with 33 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
docs/Homebrew-Governance.md
View File

@ -50,16 +50,20 @@
1. The financial administration of Homebrew, organisation of the AGM, enforcement of the code of conduct and removal of members are performed by the PLC. The PLC will represent Homebrew in all dealings with Open Collective.
2. The PLC consists of five members including the Project Leader. Committee members are elected by Homebrew members in a [Meek Single Transferable Vote](https://en.wikipedia.org/wiki/Counting_single_transferable_votes#Meek) election using the Droop quota. Each PLC member will serve a term of two years or until the member's successor is elected. Any sudden vacancy in the PLC will be filled by the usual procedure for electing PLC members at the next general meeting, typically the next AGM.
2. The PLC consists of five members including the Project Leader. Committee members are elected by Homebrew members in a [Meek Single Transferable Vote](https://en.wikipedia.org/wiki/Counting_single_transferable_votes#Meek) election using the Droop quota. Each PLC member will serve a term of two years or until the member's successor is elected. The maximum number of consecutive terms a (non-PL) PLC member can serve is two, even if this means they have no successor. Any sudden vacancy in the PLC will be filled by the usual procedure for electing PLC members at the next general meeting, typically the next AGM.
3. Three weeks prior to the AGM, the PLC will nominate at least one candidate for each upcoming vacant seat. Any member may also nominate any other member as a candidate for the PLC at this time. Nominees may accept or reject their nomination. Accepting candidates should provide the PLC with a brief statement expressing relevant experience and intentions if elected. The PLC will distribute candidates' writings one week before the AGM. Candidates may deliver their remarks in writing or verbally during the meeting.
3. When a PLC seat is up for election or is vacant, any member may become a candidate for the PLC by providing a brief statement in the `#members` channel in Homebrew's Slack expressing relevant experience and intentions if elected no later than three weeks before the AGM. The PLC will maintain the candidate list until ballots are sent out one week before the AGM, during which time members may cast their votes. Candidates may deliver remarks in writing or verbally before or during the AGM but votes already cast may not be changeable. The current PLC may vote on and publish a statement recommending their preferred candidates within the three-week period between the candidate deadline and the AGM.
4. The PLC will deliver a report of their activities, decisions, and financial statements to the Homebrew members at the AGM.
4. The PLC must report all minutes, participants in discussions and breakdowns of any votes cast to Homebrew members in the Homebrew/homebrew-governance-private GitHub repository no later than one week after the action has been taken. At the AGM, the PLC should present a summary of their activities and decisions since the last AGM. Financial statements can be viewed by anyone on the internet on Homebrew's OpenCollectives (<https://opencollective.com/brew> and <https://opencollective.com/homebrew>).
5. No more than two employees of the same employer may serve on the PLC.
6. A member of the PLC may be removed from the PLC by a special resolution of the membership.
7. All members of the PLC will be “billing managers” and "moderators" of the GitHub organisation and any related resources (e.g. Slack, 1Password where possible).
8. One member of the PLC other than the PL will have an `Owner` role in the GitHub organization and any related resources. The PLC will choose this person, with preference given to any PLC members who are current Homebrew maintainers. If no PLC members are Homebrew maintainers, any PLC member qualifies for the `Owner` role.
## 5. Meetings of the Project Leadership Committee
1. A synchronous meeting of the PLC may be called by any two of its members with at least three weeks notice, unless all PLC members agree to a shorter notice period.
@ -96,6 +100,8 @@
9. The Project Leader must be a maintainer, not just a member.
10. The Project Leader will be an "Owner" of the GitHub organization, Slack, 1Password and any related resources.
## 7. Technical Steering Committee
1. The TSC has the authority to decide on any technical disputes between any maintainer and the Project Leader. Disputes not involving the Project Leader should be addressed through the Project Leader.
@ -108,14 +114,35 @@
5. A member of the TSC, except the Project Leader, may be removed from the TSC by an ordinary resolution of the PLC.
6. All members of the TSC will be "moderators" of the GitHub organisation.
7. One member of the TSC (not the PL) will be an "Owner" of the GitHub organization, Slack, 1Password and any related resources.
## 8. Maintainers
1. All maintainers are automatically members. Some, not all, members are maintainers.
2. Maintainers are members with commit/write-access to at least one of: Homebrew/brew, Homebrew/homebrew-core, Homebrew/homebrew-cask.
3. New maintainers can be nominated by any existing maintainer. They require one approval from the Project Leader or a member of the TSC and no opposition from these people in a 24 hour "working" period (i.e. 7pm on a Friday waits until 7pm on a Monday). If there is opposition, it will be subject to a TSC Slack vote with a majority taking effect after a week.
3. New maintainers can be nominated by any existing maintainer. To become a maintainer, a nomination requires approval from one of the PL or any member of the TSC with no opposition from any these people within a 24 hour period excluding 19:00 UTC on Friday until 19:00 UTC on the following Monday. If there is opposition, the TSC must vote on the nomination in the #tsc private Slack channel, with the vote closing after a week or when a majority of the TSC has voted. The nomination will succeed by simple majority vote of the votes cast.
4. Maintainers' commit access will be reviewed yearly by the Project Leader before the AGM and removed from those who have not committed enough or not performing maintainer responsibilities (e.g. reviewing the PRs of other maintainers and contributors rather than just merging their own PRs) in a given repository. If they are not active enough on any of Homebrew/brew, Homebrew/homebrew-core, Homebrew/homebrew-cask: they will be asked to step down as a maintainer but can remain as a member. If a TSC member believes that a maintainer's removal is unwarranted, they can call a TSC vote on whether to remove the member.
4. The Homebrew organization endeavors to operate under the principle of least privilege. In accordance with this, maintainers' write/commit access will be reviewed yearly by the Project Leader before the AGM and removed from those who have not been consistently doing all of:
5. Members of the PLC do not have to be maintainers but will have implicit write access to their repositories anyway as "Owners" of the GitHub organisation. If they are not maintainers, they should not make use of this write access.
- having more [contributions to Homebrew/brew](https://github.com/Homebrew/brew/graphs/contributors), [Homebrew/homebrew-core](https://github.com/Homebrew/homebrew-core/graphs/contributors) and/or [Homebrew/homebrew-cask](https://github.com/Homebrew/homebrew-cask/graphs/contributors) than the majority of non-maintainer contributors in at least one of these repositories
- performing timely reviews and merges of PRs of other maintainers and contributors (rather than just merging their own PRs) in Homebrew/brew, Homebrew/homebrew-core and/or Homebrew/homebrew-cask
- performing timely reviews to direct GitHub review requests or GitHub reviews for any subteams they are part of (e.g. Homebrew/linux) in any repository in the Homebrew organisation
- being responsive to direct mentions on GitHub and direct mentions in Slack from the Project Leader and other maintainers
- maintaining a positive working relationship with the PL and other maintainers.
- engaging actively to resolve conflict with the PL or other maintainers, with a neutral intermediary upon request
If a maintainer does not fulfill these requirements they will be asked to step down as a maintainer but can remain as a member.
The following will not be factored into the decision as, despite being appreciated, they do not require commit/write access:
- contributions to the wider Homebrew organisation, repositories (other than the 3 above) or ecosystem
- contributions in previous years as a maintainer or contributor
- contributions to the governance documents, the PLC, GSoC, MLH, social media, Homebrew's discussion forum, etc.
If a maintainer believes their removal is unwarranted, they can request a TSC vote (to be completed before the AGM) on whether to block their removal as a maintainer. Through requesting this vote they implicitly state that they plan on addressing any missing criteria above. If the TSC (or Project Leader) feels there has been insufficient progress on the criteria above for any blocked removal, they can re-request a TSC vote. A vote can also be requested by the TSC (or Project Leader) for noticeable uncommunicated/unplanned inactivity or unresponsiveness. These votes can occur once a quarter per-maintainer until the next AGM. These votes can start one quarter after the 2023 AGM.
In emergency situations, including but not limited to malicious commits, suspicious activity, abuse of resources, or any action or activity that could harm the security posture of the Homebrew codebase, systems, or organisation, the PL or anyone with the capability to remove privileges may remove a maintainer's privileges. Upon doing so, they must inform the PLC and the TSC. The PLC will review the impact of the situation for further action. The TSC will review the removal of any maintainer removed under this clause within two weeks and instruct the PL to restore the maintainer's privileges only if the situation is resolved. The TSC will document the situation in an incident report to be shared with members and recommend changes to security settings or this governance document to prevent the situation from occurring again.