This document covers the project's governance and committer process. The project consists of the TUF specification and reference implementation.
The project is maintained by the people indicated in MAINTAINERS. A maintainer is expected to (1) submit and review GitHub pull requests and (2) open issues or submit vulnerability reports. A maintainer has the authority to approve or reject pull requests submitted by contributors. The project's Consensus Builder (CB) is Justin Cappos <jcappos@nyu.edu, @JustinCappos>.
A contributor can submit GitHub pull requests to the project's repositories. They must follow the project's code of conduct, the developer certificate of origin, the code style guidelines, and must unit test any new software feature or change. Submitted pull requests undergo review and automated testing, including, but not limited to:
- Unit and build testing via Travis CI and Tox.
- Static code analysis via Pylint and Bandit.
- Checks for Signed-off-by commits via Probot: DCO.
- Review by one or more maintainers.
A contributor can propose changes to the specification with a TUF Augmentation Proposal (TAP). It is a design document providing information to the TUF community, or describing a new feature for TUF or its processes or environment.
A TAP can be approved or rejected by the CB after it has been reviewed and discussed. Discussions take place on the project's mailing list or the TAPs GitHub issue tracker.
A contributor to the project must express interest in becoming a maintainer. The CB has the authority to add or remove maintainers.
The CB supervises changes in governance.