ossf / wg-securing-software-repos

OpenSSF Working Group on Securing Software Repositories

Add CHARTER.md #4

Closed jchestershopify closed 2 years ago

jchestershopify commented 2 years ago

Adds the charter from the template project, with one small elision (see https://github.com/ossf/project-template/issues/4 for details).

Request to reviewers: please ensure I haven't overlooked any placeholder names / variables.

jchestershopify commented 2 years ago

I caught my fork up with a merge in the GitHub UI but had expected a rebase. Let me know if that's no good and you'd prefer me to go back and create a rebased PR.

jchestershopify commented 2 years ago

In discussion in the Securing Critical Projects WG (April 7th) a question was raised about whether the whole TSC mechanism makes sense, and it's unclear whether @ossf/tac will be updating the documentation as part of their work on OpenSSF process docs. I think we might want to hold on merging this for the moment until matters are clearer.

jchestershopify commented 2 years ago

A quick addition. I have drafted a proposed list of "Maintainers", which the charter requires to operate (votes, when votes are taken, are cast by Maintainers).

The gist of the list is "repo folks or WG organizers who have attended > 1 meeting". It comes out as 9 names:

I'll bring up this list at the next call. 99% of the time it won't matter, but we need such a list to bootstrap the charter as-written.

trishankatdatadog commented 2 years ago

Cool! WDYT about some academics like @mnm678 to balance it out, like in the SigStore root?

jchestershopify commented 2 years ago

I went back and forth on that, actually, and I fell very slightly on the side of limiting it to repo folks and organizers. But I am happy to be argued around to the other point of view. FWIW @mnm678 would easily qualify under the number of attendances criterion.

trishankatdatadog commented 2 years ago

> I went back and forth on that, actually, and I fell very slightly on the side of limiting it to repo folks and organizers. But I am happy to be argued around to the other point of view. FWIW @mnm678 would easily qualify under the number of attendances criterion.

Maybe let's vote at the next meeting?

jchestershopify commented 2 years ago

Works for me.

jswank commented 2 years ago

LGTM

bobcallaway commented 2 years ago

Per the charter document, we need 2/3 approval to establish or amend the charter; I see approvals from the following maintainers:

  1. @jchestershopify (implicit as PR author)
  2. @di
  3. @bobcallaway
  4. @jswank
  5. @MylesBorins
  6. @Eh2406
  7. @simi

7 of 9 is sufficient for this vote to pass (@trevrosen and @brianf were not in attendance at the meeting).