Maintain file of people in official community roles

[micahhausler]

The Tinkerbell Governance document lists four roles

Role	Responsibilities	Requirements	Defined by
Contributor	Submit contributions	Signed DCO	Registered GitHub User
Member	Issue and discussion administration, PR reviewer	History of activity, good judgement, contribution in the community and the repositories, and sponsored by 2 Committers	Tinkerbell GitHub org member
Committer	Right to make changes to the code bases, merge pull requests, etc	Same as Member, shows leadership in the community and the repositories, and sponsored by 2 Maintainers	[OWNERS] file committer entry
Maintainer	Voting privileges, set direction and priorities	Same as Committer, demonstrated responsibility and excellent technical judgement for the project, and voted in by existing Maintainers	[OWNERS] file maintainer entry

Maintainers are currently listed in this repository, but Members and Committers are not. @jacobweinstock has an open proposal for adding a section on inactivity, but it is currently manual to figure out who qualifies as inactive.

In order to avoid the appearance of any capriciousness or unfairly singling anyone out, I propose adding a machine-readable (probably YAML) file in this repo enumerating Members, Committers, and Maintainers that a script or periodic job can run to identify (and ideally notify) current community members of any pending role changes.

This file could also function as a place where new community members can identify who qualifies as a possible sponsor for them

To start this out, it could be a simple file

member:
- alias: github_alias
  name: full name
- alias: other_user_alias
  name: full name
committer:
- alias: github_alias
  name: full name
- alias: other_user_alias
  name: full name
  affiliation: optional
maintainer:
- alias: thebsdbox
  name: Dan Finneran
  affiliation: Equinix Metal
- alias: tstromberg
  name: Thomas Strömberg
  affiliation: Equinix Metal
- alias: mmlb
  name: Manuel Mendez
  affiliation: Equinix Metal

I'm happy to take a first crack at this, but I'm not clear on who qualifies as a Committer as there aren't any filled out OWNERS files in any GH repos, but GH org member is easy enough to figure out.

CC @thebsdbox @tstromberg @mmlb

[mmlb]

IDK if we need to collect PII, github handle should be enough right?

[micahhausler]

I am not a lawyer, but do we want to ask for a given name for maintainers/committers? Thinking about upholding export control laws and such

[mmlb]

Me neither but I don't see how taking given name would be useful w/o verifying somehow... which I don't even want to get into. I'll go snooping through cncf docs to see if any guidance is provided. I feel like wanting given names will open up a whole can of identity/verification questions/worms that may not really be necessary :thinking: .

[micahhausler]

I think its fine to keep it optional

[displague]

We are not enrolling members into this file without their request/approval. I think it is perfectly understandable that if you want a position of authority in an OSS project, you will have to divulge your name.

Whether or not that name is persisted in the config file or GitHub history is another matter. It is understandable that consumers of the project should want to know the authorship and affiliations of contributors to the project, although this does not have to be considered a right.

I think we can test this when the time comes, but otherwise expect names in the files.

Other considerations:

• https://raw.githubusercontent.com/cncf/project-template/main/CONTRIBUTOR_LADDER.md suggests "username" rather than calling out "name"
• https://github.com/cncf/project-template/blob/3ed2ec8f529b05aec0badfc04f48116e900e25f9/CONTRIBUTING.md#dco calls out both git user name and "Your Name"
• https://developercertificate.org/ (d) calls out personal information

[displague]

Adding another ping on this issue since https://github.com/tinkerbell/proposals/pull/50 has been merged

[micahhausler]

Closing this now that we have CODEOWNERS in most repos