-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: Governance Roles #415
base: main
Are you sure you want to change the base?
doc: Governance Roles #415
Conversation
93b9c1b
to
ea1e19b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi Steve,
Thank you for typing up the updates to the governance rules following the PTG discussion this week.
I added some suggestions to the wording inline, I think the content looks good and covers what we talked about at the PTG.
README.md
Outdated
A Maintainer has the ability to merge code into the Kata Containers project. Maintainers are active Contributors and participants in the projects. In order to become a Maintainer, you must be nominated and approved by the established Maintainers. Maintainers have write access to the Kata Containers repos on GitHub. | ||
Kata Containers Committers (as defined by the [kata-containers-committer team](https://github.com/orgs/kata-containers/teams/kata-containers-committer)) | ||
have the ability to merge code into the Kata Containers project. | ||
Maintainers are active Contributors and participants in the projects. In order to become a Committer, you must be nominated by established Committer and approved by quorum of the active Architecture committee via an issue against the community repo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maintainers are active Contributors and participants in the projects. In order to become a Committer, you must be nominated by established Committer and approved by quorum of the active Architecture committee via an issue against the community repo | |
Committers are active Contributors and participants in the projects. In order to become a Committer, you must be nominated by established Committer and approved by quorum of the active Architecture committee via an issue against the community repo |
README.md
Outdated
e.g. https://github.com/kata-containers/community/issues/403. Committers have write access to the Kata Containers repos on GitHub, which | ||
gives the ability to approve PRs, trigger the CI and merge PRs. | ||
|
||
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria | |
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. Assessing the list of active contributors happens twice a year, |
README.md
Outdated
gives the ability to approve PRs, trigger the CI and merge PRs. | ||
|
||
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria | ||
twice a year, lining up with the Architecture Committee election cycle. At/after the election, people who are in the kata-containers-committer team, but who haven't been an active contributor in the last 12 months will be created |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
twice a year, lining up with the Architecture Committee election cycle. At/after the election, people who are in the kata-containers-committer team, but who haven't been an active contributor in the last 12 months will be created | |
lining up with the preparation for the Architecture Committee election cycle. At that time, the kata-containers-committer team will also be reviewed, and a list of people, who are on the team but haven't been an active contributor in the last 12 months, will be created |
README.md
Outdated
|
||
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria | ||
twice a year, lining up with the Architecture Committee election cycle. At/after the election, people who are in the kata-containers-committer team, but who haven't been an active contributor in the last 12 months will be created | ||
and shared with the Architecture Committee and community and after a short review period to check of errors in the tooling, will be removed from the team. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and shared with the Architecture Committee and community and after a short review period to check of errors in the tooling, will be removed from the team. | |
and shared with the Architecture Committee and community. After a short review period, to allow time to check for any errors, inactive team members will be removed. |
README.md
Outdated
|
||
Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to | ||
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others. | ||
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally | |
The Admin group is intentionally kept small, however, individuals can be granted temporary admin access to carry out tasks, like creating a secret that is used in a particular CI infrastructure. |
README.md
Outdated
Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to | ||
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others. | ||
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally | ||
we should try and minimise this access. The admin list should be reviewed and updated after each Architecture Committee election and typically contain: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should try and minimise this access. The admin list should be reviewed and updated after each Architecture Committee election and typically contain: | |
The Admin list is reviewed and updated after each Architecture Committee election and typically contains: |
README.md
Outdated
|
||
### Owner | ||
|
||
GitHub organization owners have complete admin access to the organization, so should be limited for security reasons. The owners list should be reviewed and updated after each Architecture Committee election and contain: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
GitHub organization owners have complete admin access to the organization, so should be limited for security reasons. The owners list should be reviewed and updated after each Architecture Committee election and contain: | |
GitHub organization owners have complete admin access to the organization, and therefore this group is limited to a small number of individuals, for security reasons. The owners list is reviewed and updated after each Architecture Committee election and contains: |
README.md
Outdated
@@ -10,7 +10,9 @@ | |||
* [Governance](#governance) | |||
* [Developers](#developers) | |||
* [Contributor](#contributor) | |||
* [Maintainer](#maintainer) | |||
* [Maintainer](#committer) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* [Maintainer](#committer) | |
* [Committer](#committer) |
Update the contributor role descriptions and guidelines for review, based on the vPTG discussion Signed-off-by: stevenhorsman <steven@uk.ibm.com>
ea1e19b
to
69ae07d
Compare
Thanks so much for the care review. I've incorporated your suggestions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's one part that affects me the most, which is "admins".
I left my comment there, but I sincerely feel like we're taking a step on the wrong direction on this one.
README.md
Outdated
|
||
Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to | ||
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others. | ||
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This part affects me the most, for instance.
I'm not part of the AC anymore, but I've been dealing -- maybe even more than AC members? -- with a lot of the admin stuff, ranging from setting up CI systems to simply unblocking PRs.
With this change, theoretically, I should have no access to do so, which will require a better velocity coming from the architecture committee.
More than that, adding someone to temporarily do something feels like a bureaucratic thing that would take more time than just having an AC member doing the thing. :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not part of the AC anymore, but I've been dealing -- maybe even more than AC members? -- with a lot of the admin stuff, ranging from setting up CI systems to simply unblocking PRs.
With this change, theoretically, I should have no access to do so, which will require a better velocity coming from the architecture committee.
So I think that in this circumstances you would probably fall into the
Optionally, some specific people that the Architecture Committee agree on adding for a specific purpose (e.g. to manage the CI)
category, but we also don't want to cover over the problem of the AC not being responsive, so should try and address that as well.
More than that, adding someone to temporarily do something feels like a bureaucratic thing that would take more time than just having an AC member doing the thing. :-)
The idea of temporarily adding is based on things that I've had to do in the CAA repo. People setting up CI wanted to add secrets e.g. AZURE_SUBSCRIPTION_ID
that are required in our infrastructure and whilst they could have given an admin the secret and asked them to add it, that doesn't feel like a secure process. An example of this closer to home is when you/Gaby recently added ITA_KEY
secret (assuming this is sensitive, if not then sorry for the bad example). If you didn't have access would you (or rather Intel) have preferred to be given admin access temporarily to add that, or to send the secret to the AC for them to add (and therefore have access). I don't believe that anyone on the AC would be interested in exploiting secrets, but speaking personally, I'd rather not be involved in handling any that I don't own.
If you don't think this is a concern and others agree, then it would be more secure to block this, so I can remove it from the proposal.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
People setting up CI wanted to add secrets e.g.
AZURE_SUBSCRIPTION_ID
that are required in our infrastructure and whilst they could have given an admin the secret and asked them to add it, that doesn't feel like a secure process.
This makes sense, indeed.
### Admin | ||
|
||
Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to | ||
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others. | ||
The Admin group is intentionally kept small, however, individuals can be granted temporary admin access to carry out tasks, like creating a secret that is used in a particular CI infrastructure. | ||
The Admin list is reviewed and updated after each Architecture Committee election and typically contains: | ||
- The Architecture Committee | ||
- Optionally, some specific people that the Architecture Committee agree on adding for a specific purpose (e.g. to manage the CI) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand we're taking a security measure to prevent something to happen. However, the community has always been based on trust and work being done.
Having this feels like we're shooting ourselves in the foot, as either you're an AC member, member of OIF, or you depend on their own criteria (regardless of them being actually active or not) to decide who'll be actually helping the project.
Now, if we want to go through a formal process, I'd strongly recommend that any change in the admin side would have to go through a vote and the majority of the admins would have to agree before it happens (including secrets being added, machines being added, PRs being merged, etc). The malicious actor may come from anywhere, including AC / OIF.
Update the contributor role descriptions and guidelines for review, based on the vPTG discussion