Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: Governance Roles #415

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

stevenhorsman
Copy link
Member

Update the contributor role descriptions and guidelines for review, based on the vPTG discussion

@stevenhorsman stevenhorsman force-pushed the governance-roles-review branch 2 times, most recently from 93b9c1b to ea1e19b Compare October 22, 2024 16:38
Copy link
Contributor

@ildikov ildikov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Steve,

Thank you for typing up the updates to the governance rules following the PTG discussion this week.

I added some suggestions to the wording inline, I think the content looks good and covers what we talked about at the PTG.

README.md Outdated
A Maintainer has the ability to merge code into the Kata Containers project. Maintainers are active Contributors and participants in the projects. In order to become a Maintainer, you must be nominated and approved by the established Maintainers. Maintainers have write access to the Kata Containers repos on GitHub.
Kata Containers Committers (as defined by the [kata-containers-committer team](https://github.com/orgs/kata-containers/teams/kata-containers-committer))
have the ability to merge code into the Kata Containers project.
Maintainers are active Contributors and participants in the projects. In order to become a Committer, you must be nominated by established Committer and approved by quorum of the active Architecture committee via an issue against the community repo
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Maintainers are active Contributors and participants in the projects. In order to become a Committer, you must be nominated by established Committer and approved by quorum of the active Architecture committee via an issue against the community repo
Committers are active Contributors and participants in the projects. In order to become a Committer, you must be nominated by established Committer and approved by quorum of the active Architecture committee via an issue against the community repo

README.md Outdated
e.g. https://github.com/kata-containers/community/issues/403. Committers have write access to the Kata Containers repos on GitHub, which
gives the ability to approve PRs, trigger the CI and merge PRs.

One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria
One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. Assessing the list of active contributors happens twice a year,

README.md Outdated
gives the ability to approve PRs, trigger the CI and merge PRs.

One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria
twice a year, lining up with the Architecture Committee election cycle. At/after the election, people who are in the kata-containers-committer team, but who haven't been an active contributor in the last 12 months will be created
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
twice a year, lining up with the Architecture Committee election cycle. At/after the election, people who are in the kata-containers-committer team, but who haven't been an active contributor in the last 12 months will be created
lining up with the preparation for the Architecture Committee election cycle. At that time, the kata-containers-committer team will also be reviewed, and a list of people, who are on the team but haven't been an active contributor in the last 12 months, will be created

README.md Outdated

One of the requirements to be a committer is that you are an active contributor to the project as adjudged by the above criteria. The committer list will be required for people who no longer meet the criteria
twice a year, lining up with the Architecture Committee election cycle. At/after the election, people who are in the kata-containers-committer team, but who haven't been an active contributor in the last 12 months will be created
and shared with the Architecture Committee and community and after a short review period to check of errors in the tooling, will be removed from the team.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
and shared with the Architecture Committee and community and after a short review period to check of errors in the tooling, will be removed from the team.
and shared with the Architecture Committee and community. After a short review period, to allow time to check for any errors, inactive team members will be removed.

README.md Outdated

Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others.
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally
The Admin group is intentionally kept small, however, individuals can be granted temporary admin access to carry out tasks, like creating a secret that is used in a particular CI infrastructure.

README.md Outdated
Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others.
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally
we should try and minimise this access. The admin list should be reviewed and updated after each Architecture Committee election and typically contain:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
we should try and minimise this access. The admin list should be reviewed and updated after each Architecture Committee election and typically contain:
The Admin list is reviewed and updated after each Architecture Committee election and typically contains:

README.md Outdated

### Owner

GitHub organization owners have complete admin access to the organization, so should be limited for security reasons. The owners list should be reviewed and updated after each Architecture Committee election and contain:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
GitHub organization owners have complete admin access to the organization, so should be limited for security reasons. The owners list should be reviewed and updated after each Architecture Committee election and contain:
GitHub organization owners have complete admin access to the organization, and therefore this group is limited to a small number of individuals, for security reasons. The owners list is reviewed and updated after each Architecture Committee election and contains:

README.md Outdated
@@ -10,7 +10,9 @@
* [Governance](#governance)
* [Developers](#developers)
* [Contributor](#contributor)
* [Maintainer](#maintainer)
* [Maintainer](#committer)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* [Maintainer](#committer)
* [Committer](#committer)

Update the contributor role descriptions and guidelines
for review, based on the vPTG discussion

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman
Copy link
Member Author

I added some suggestions to the wording inline, I think the content looks good and covers what we talked about at the PTG.

Thanks so much for the care review. I've incorporated your suggestions.

Copy link
Member

@fidencio fidencio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's one part that affects me the most, which is "admins".

I left my comment there, but I sincerely feel like we're taking a step on the wrong direction on this one.

README.md Outdated

Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others.
There are sometimes good reasons to temporarily give others admin access, such as to create a secret that is used in a particular CI infrastructure, but generally
Copy link
Member

@fidencio fidencio Oct 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part affects me the most, for instance.

I'm not part of the AC anymore, but I've been dealing -- maybe even more than AC members? -- with a lot of the admin stuff, ranging from setting up CI systems to simply unblocking PRs.

With this change, theoretically, I should have no access to do so, which will require a better velocity coming from the architecture committee.

More than that, adding someone to temporarily do something feels like a bureaucratic thing that would take more time than just having an AC member doing the thing. :-)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not part of the AC anymore, but I've been dealing -- maybe even more than AC members? -- with a lot of the admin stuff, ranging from setting up CI systems to simply unblocking PRs.

With this change, theoretically, I should have no access to do so, which will require a better velocity coming from the architecture committee.

So I think that in this circumstances you would probably fall into the

Optionally, some specific people that the Architecture Committee agree on adding for a specific purpose (e.g. to manage the CI)

category, but we also don't want to cover over the problem of the AC not being responsive, so should try and address that as well.

More than that, adding someone to temporarily do something feels like a bureaucratic thing that would take more time than just having an AC member doing the thing. :-)

The idea of temporarily adding is based on things that I've had to do in the CAA repo. People setting up CI wanted to add secrets e.g. AZURE_SUBSCRIPTION_ID that are required in our infrastructure and whilst they could have given an admin the secret and asked them to add it, that doesn't feel like a secure process. An example of this closer to home is when you/Gaby recently added ITA_KEY secret (assuming this is sensitive, if not then sorry for the bad example). If you didn't have access would you (or rather Intel) have preferred to be given admin access temporarily to add that, or to send the secret to the AC for them to add (and therefore have access). I don't believe that anyone on the AC would be interested in exploiting secrets, but speaking personally, I'd rather not be involved in handling any that I don't own.

If you don't think this is a concern and others agree, then it would be more secure to block this, so I can remove it from the proposal.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

People setting up CI wanted to add secrets e.g. AZURE_SUBSCRIPTION_ID that are required in our infrastructure and whilst they could have given an admin the secret and asked them to add it, that doesn't feel like a secure process.

This makes sense, indeed.

Comment on lines +97 to +104
### Admin

Kata Containers Admins (as defined by the [kata-containers-admin team](https://github.com/orgs/kata-containers/teams/kata-containers-admin) have admin access to
the kata-containers repo, allowing them to do actions like, change the branch protection rules for repositories, delete a repository and manage the access of others.
The Admin group is intentionally kept small, however, individuals can be granted temporary admin access to carry out tasks, like creating a secret that is used in a particular CI infrastructure.
The Admin list is reviewed and updated after each Architecture Committee election and typically contains:
- The Architecture Committee
- Optionally, some specific people that the Architecture Committee agree on adding for a specific purpose (e.g. to manage the CI)
Copy link
Member

@fidencio fidencio Oct 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand we're taking a security measure to prevent something to happen. However, the community has always been based on trust and work being done.

Having this feels like we're shooting ourselves in the foot, as either you're an AC member, member of OIF, or you depend on their own criteria (regardless of them being actually active or not) to decide who'll be actually helping the project.

Now, if we want to go through a formal process, I'd strongly recommend that any change in the admin side would have to go through a vote and the majority of the admins would have to agree before it happens (including secrets being added, machines being added, PRs being merged, etc). The malicious actor may come from anywhere, including AC / OIF.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants