coreinfrastructure / best-practices-badge

🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
https://www.bestpractices.dev
MIT License

Create LLC and TSC #2107

Closed david-a-wheeler closed 8 months ago

david-a-wheeler commented 9 months ago

Clean up various legal/charter constructs.

The Linux Foundation plans to move this project into its own LLC (this provides various legal protections), and we must state that.

A side-effect is that we need to create "Technical Steering Committee" (TSC). I think that's a good thing. I intend to start it with me (as I was the original project lead & committer), and work to add others to it, so it's not just me working by myself.

The proposed approach says the OpenSSF TAC can change the TSC by majority vote. The intent is to ensure that I (or anyone else) can't be a dictator, and that it's possible to get things going again if something goes wrong. Originally I was going to have the OpenSSF Best Practices WG do that vote, but I think it'd be better to have the TAC do it.

codecov[bot] commented 9 months ago

Codecov Report

All modified and coverable lines are covered by tests.

Project coverage is 98.04%. Comparing base (f8b1ed9) to head (e509d73).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #2107   +/-   ##
=======================================
  Coverage   98.04%   98.04%
=======================================
  Files          53       53
  Lines        2098     2098
=======================================
  Hits         2057     2057
  Misses         41       41
```


gregkh commented 9 months ago

Looks good to me, but you might want to run it by LF Legal as I know they have standard formats for this type of thing (which you might have done so already, if so, great!)

david-a-wheeler commented 9 months ago

Thanks! I started with their formats, but that doesn't mean I did it all correctly.

david-a-wheeler commented 9 months ago

Nota bene:

LF Legal is fine with documentation released under Creative Commons Attribution (CC-BY). However, they recommend that (new) data be made available under the CDLA-Permissive 2.0 License, available at https://cdla.dev/permissive-2-0. Past contributions of data were made under the Creative Commons Attribution 3.0 or 4.0 licenses; when we started I don't think the CDLA-Permissive license even existed as an option.

I'm going to talk with LF Legal to better understand their recommendations. Switching licenses might be wise. IIRC, data other than code & documentation has some legal quirks, so CC-BY may not be the best fit. Relicensing is hard and probably unnecessary. Historically the data was CC-BY-3.0, and after a certain date we declared newer data contributions were CC-BY-4.0. I'm guessing we can do that again, declare a cutoff date & all future data contributions would be CDLA-2.0. That would mean users of the collection would have to comply with all 3 licenses. I'll talk with LF Legal to see if that would be a problem. I suspect it will be fine (but I'm not a lawyer).

If this is truly what LF Legal recommends after our discussion, I plan to first alert the badge mailing list and the OpenSSF Best Practices WG. My guess is that everyone will be fine with this change, but I want to make sure people are aware of this first & to hear of any problems. The overall goal is to do the right thing.

hythloda commented 8 months ago

LGTM, should we merge this?

david-a-wheeler commented 8 months ago

There's a weird test failure, I'll need to check it out, fix it, & then merge this. We're close.

david-a-wheeler commented 8 months ago

Sorry for the noisy last-minute changes, but the tests were failing and I wanted to fix them.

There are a few more failures but I will handle those separately.