docs/governance: import from homebrew-governance.

Saves us having Yet Another Public Repository.

docs/_governance/2019-membership.md

@@ -0,0 +1,42 @@
+@alebcay
+@amyspark
+@apjanke
+@bfontaine
+@chenrui333
+@claui
+@colindean
+@dawidd6
+@dpo
+@EricFromCanada
+@fxcoudert
+@GauthamGoli
+@igas
+@iMichka
+@issyl0
+@jacobbednarz
+@jasontedor
+@javian
+@jonchang
+@ladislas
+@lembacon
+@maxim-belkin
+@MikeMcQuaid
+@mistydemeo
+@Moisan
+@mxcl
+@reitermarkus
+@scpeters
+@Sharpie
+@sjackman
+@SMillerDev
+@tschoonj
+@tseemann
+@victorpopkov
+@vitorgalvao
+@vszakats
+@woodruffw
+@xu-cheng
+@youtux
+@zachauten
+@zbeekman
+@zmwangx

docs/_governance/2019-moss-track-iii-grant-nomination.md

@@ -0,0 +1,124 @@
+# Nomination for Mozilla Open Source Support, Track III
+
+## Solicitation
+
+The open source and free software ecosystem needs to be secure; thank you for your desire to help make that even more of a reality by suggesting a project for an SOS audit. Note that this form allows you to make a *suggestion*, not an *application* - please do not expect to hear back from us. Unlike other tracks of MOSS, Mozilla will take the initiative to approach organizations it wishes to make offers to, perhaps guided by a suggestion, perhaps not.
+
+We have a series of factors we consider when evaluating an application. For example:
+
+* How commonly used is the software?
+* Is the software network-facing or does it regularly process untrusted data?
+* How vital is the software to the continued functioning of the Internet or the Web?
+* Does the software depend on closed-source code, e.g. in a web service?
+* Are the software’s maintainers aware of and supportive of the application for support from the SOS fund?
+* Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
+* Does the software have existing corporate backing or involvement?
+
+The answers to such questions are often not “yes” or “no”, but matters of degree, and so Mozilla will take the entire picture into account when assessing projects.
+
+## Application
+
+### Project name
+
+Homebrew
+
+### Your name
+
+Jonathan Chang
+
+### Your relationship to the project
+
+Maintainer
+
+### Project website (This needs to be somewhere we can obtain the source code.)
+
+<https://brew.sh>
+
+### Project description
+
+Homebrew aims to be the missing package manager for macOS (and Linux). Its primary goal is to be useful to as many people as possible, while remaining maintainable to a professional, high standard by a small group of volunteers. Where possible and sensible, it should seek to use features of macOS to blend in with the macOS and Apple ecosystems. On Linux and Windows, it should seek to be as self-contained as possible.
+
+### What copyright license or licenses cover the project's source code?
+
+Homebrew's code is licensed under a BSD 2-clause license. Homebrew also vendors three dependencies, which are all MIT licensed (<https://github.com/Homebrew/brew/tree/master/Library/Homebrew/vendor>).
+
+### Does the project contain any proprietary code, or depend on or use a proprietary web service? If so, please give details
+
+Homebrew's source code is hosted on GitHub. Homebrew interacts with the Bintray API to upload and host our binary packages. Homebrew also relies on Microsoft's Azure Pipelines continuous integration service to run our test suite on macOS and Linux.
+
+### What is the maintenance status of the project?
+
+*Is the project actively maintained? If so, please give contact details of the maintainers and indicate whether they are aware of and/or supportive of this application. When was the most recent release?*
+
+Homebrew is actively maintained, and its last release was v2.1.0 on April 5, 2019. Homebrew has 22 maintainers; their GitHub handle is listed below as well as other specific administrative roles they might have:
+
+* Mike McQuaid (@MikeMcQuaid, Project Leader)
+* Misty De Meo (@mistydemeo, Project Leadership, Technical Steering)
+* Markus Reiter (@reitermarkus, Project Leadership, Technical Steering)
+* Jonathan Chang (@jonchang, Project Leadership)
+* Shaun Jackman (@sjackman, Project Leadership)
+* FX Coudert (@fxcoudert, Technical Steering)
+* Michka Popoff (@iMichka, Technical Steering)
+* Chongyu Zhu (@lembacon)
+* Claudia Pellegrino (@claui)
+* Eric Knibbe (@EricFromCanada)
+* Gautham Goli (@GauthamGoli)
+* Igor Kapkov (@igas)
+* Izaak "Zaak" Beekman (@zbeekman)
+* Jan Viljanen (@javian)
+* Jason Tedor (@jasontedor)
+* Sean Molenaar (@SMillerDev)
+* Steven Peters (@scpeters)
+* Thierry Moisan (@Moisan)
+* Tom Schoonjans (@tschoonj)
+* Viktor Szakats (@vszakats)
+* Vítor Galvão (@vitorgalvao)
+* William Woodruff (@woodruffw)
+
+The other maintainers reviewed this application and have expressed their support.
+
+### How popular is the project?
+
+*How many installed/used instances are there? Please give as much data as possible, including the source of any numbers.*
+
+According to anonymous analytics data collected per our policy (<https://docs.brew.sh/Analytics>), Homebrew on macOS has approximately 1.24 million instances that have been active in the past month. This is an increase of 19.3% over the same period last year, with 1.04 million active instances.
+
+Hoomebrew on Linux has approximately 15 thousand active instances, an increase of 75% over last year with 8.6 thousand instances.
+
+Each installed instance of Homebrew is quite active: over the last year we recorded approximately 166 million installation events; meaning on average, a instance will install software about 1.7 times per day.
+
+### Please give pointers to advisories or other documentation for any recent security bugs that have been found in the project
+
+<https://brew.sh/2018/08/05/security-incident-disclosure/>
+
+### Has the project had a security source code audit before? If so, when and how extensively?
+
+*If it has been audited before and the report is public, please give the URL.*
+
+Homebrew has not been previously audited for security issues. Our HackerOne project receives ad-hoc reports of security issues.
+
+### What formal or informal corporate involvement is there in the development process?
+
+No maintainer is currently employed by a corporation to work specifically on Homebrew. Our bylaws (<https://docs.brew.sh/Homebrew-Governance>) forbid more than two employees of the same company serving on either our Project Leadership Committee or Technical Steering Committee.
+
+We receive in-kind sponsorship for several services we use for our infrastructure, but these corporations are not involved in our development process:
+
+* MacStadium (server colocation)
+* DigitalOcean (virtual private servers)
+* CommsWorld (server colocation)
+* Bintray (binary hosting)
+* AgileBits (password & key storage)
+
+### Why do you think this project is a suitable recipient of an SOS award?
+
+*This is the most important question. Please refer to the criteria at <https://wiki.mozilla.org/MOSS/Secure_Open_Source> . Also, please explain in what ways the code is exposed to attackers, and the possible impact of a security problem.*
+
+Homebrew on macOS has over a million installed instances and, as measured via Google Trends ("homebrew mac" vs "macports"), has been the most popular package manager for macOS since 2015. As such, any security vulnerability in Homebrew could affect many macOS users.
+
+As a package manager, Homebrew often accesses the network to download and install binaries, or to extract and compile tarballs from their original source. Homebrew formulae have the ability to run untrusted code from the network, such as Makefiles and build scripts. Vulnerabilities in Homebrew's network handling and verification code could therefore deliver malware to end-users.
+
+Homebrew is often used in continuous integration (CI) infrastructure to install development tools on macOS. Travis CI, for example, recommends Homebrew as its default for installing development packages on CI containers. Any  weakness in the Homebrew build environment could compromise software built via CI for macOS systems, compounding the effects of any security vulnerability.
+
+Furthermore, many web developers currently use macOS as their development platform of choice. The 2017 Stack Overflow Developer Survey, the last year these data were available, indicated that of the 26,235 self-described web developers, 4,220 (16%) used macOS as their development platform. When only examining front-end developers, nearly 70% used macOS. Homebrew's analytics reinforces its importance for web development---its most installed package is Node.js, which accounts for nearly 5% of all package installations recorded (2.9M install events). A security vulnerability in Homebrew could compromise a large proportion of web development machines.
+
+Homebrew on Linux is often used by high performance computing and other scientific computing users, and managed by a special role account called "linuxbrew". Compromise of the Homebrew software on Linux could result in the misuse or takeover of computing clusters with up to tens of thousands of nodes, each with significant computing resources and network access to crack passwords or conduct denial-of-service attacks.

docs/_governance/2019-plc-minutes.md

@@ -0,0 +1,21 @@
+# Homebrew Project Leadership Committee Minutes 2019
+
+## Members
+
+- [Jon Chang](https://github.com/jonchang)
+- [Markus Reiter](https://github.com/reitermarkus)
+- [Mike McQuaid](https://github.com/mikemcquaid), project leader
+- [Misty de Meo](https://github.com/mistydemeo)
+- [Shaun Jackman](https://github.com/sjackman), secretary
+
+## Minutes
+
+- 2019-02-27
+  Shaun Jackman moved that Torsten Seemann and Dominique Orban be invited to join Homebrew as members.
+  Motion carried unanimously.
+- 2019-07-19
+  Shaun Jackman asked that Rui Chen be invited to join Homebrew as a member.
+  Motion carried unanimously.
+- 2019-08-24
+  Jonathan Chang moved that Ladislas de Toldi and Zach Auten be invited to join Homebrew as members.
+  Motion carried unanimously.

docs/_governance/2020-membership.md

@@ -0,0 +1,52 @@
+@alebcay
+@amyspark
+@apjanke
+@bfontaine
+@carlocab
+@chenrui333
+@claui
+@colindean
+@core-code
+@danielnachun
+@dawidd6
+@dpo
+@dtrodrigues
+@EricFromCanada
+@fxcoudert
+@GauthamGoli
+@gromgit
+@igas
+@iMichka
+@issyl0
+@jacobbednarz
+@jasontedor
+@javian
+@jonchang
+@ladislas
+@lembacon
+@maxim-belkin
+@MikeMcQuaid
+@mistydemeo
+@Moisan
+@mxcl
+@Rylan12
+@ran-dall
+@reitermarkus
+@samford
+@scpeters
+@Sharpie
+@sjackman
+@SMillerDev
+@suschizu
+@SeekingMeaning
+@tschoonj
+@tseemann
+@victorpopkov
+@vitorgalvao
+@vszakats
+@woodruffw
+@xu-cheng
+@youtux
+@zachauten
+@zbeekman
+@zmwangx

docs/_governance/2020-plc-minutes.md

@@ -0,0 +1,45 @@
+# Homebrew Project Leadership Committee Minutes 2020
+
+## Project Leader
+
+[Mike McQuaid](https://github.com/mikemcquaid)
+
+## PLC Members
+
+- [Jon Chang](https://github.com/jonchang)
+- [Markus Reiter](https://github.com/reitermarkus)
+- [Misty de Meo](https://github.com/mistydemeo)
+- [Sean Molenaar](https://github.com/SMillerDev)
+- [Shaun Jackman](https://github.com/sjackman), secretary
+
+## Minutes
+
+- 2020-07-10
+  Shaun Jackman proposed that @SeekingMeaning be invited to join Homebrew as members.
+
+- 2020-03-24
+  Markus Reiter proposed that @core-code, @ran-dall and @suschizu be invited to join Homebrew as members.
+  Motion carried unanimously.
+
+- 2020-03-31
+  Jonathan Chang proposed to approve maintainer grant requests.
+  Motion carried unanimously.
+  Jonathan Chang proposed to increase the total award limit to $2000.
+  Motion carried unanimously.
+
+- 2020-06-09
+  Jonathan Chang proposed that @gromgit be invited to join Homebrew as members.
+  Motion carried unanimously.
+
+- 2020-08-20
+  The PLC voted that @miccal (4/5 votes in favour, 1 abstention), @whoiswillma (4/5 votes in favour, 1 abstention),
+  @vidusheeamoli (5/5 votes in favour) and @nandahkrishna (4/5 votes in favour, 1 abstention) be added as members.
+
+- 2020-12-08
+  Jonathan Chang proposed that @carlocab be invited to join Homebrew as a member. (3/5 with 2 abstensions)
+
+- 2020-12-24
+  The PLC voted to approve maintainer grant requests. (4/5 with 1 abstention)
+
+- 2021-01-29
+  Jonathan Chang proposed that @danielnachun be invited to join Homebrew as a member. (5/5)

docs/_governance/2021-agm-minutes.md

@@ -0,0 +1,67 @@
+# Homebrew Annual General Meeting 2021
+
+## Minutes
+
+- 2021-02-26 11:00-0800 Call to order
+- 11:00–11:01 Adoption of the agenda
+
+### Motions
+
+- 11:01–11:05 Motion to adopt the voting system, Greg Brimble
+
+  Greg Brimble moves to adopt the STV election method to elect the PLC and the Schulze method to elect the project leader. <https://github.com/Homebrew/brew/pull/10637>
+
+  Motion carried unanimously.
+
+  <https://www.opavote.com/results/4758678377857024>
+- Shaun Jackman moves to suspend the rules requiring a three week waiting period and to adopt these election systems immediately.
+  Motion carried unanimously.
+
+### Reports
+
+- 11:05-11:20 Project Leadership Committee's report, Jon Chang
+- 11:20–11:25 Treasurer's report of the financial statements, Jon Chang
+- 11:25–11:40 Technical Steering Committee's report, Misty De Meo
+- 11:40–11:55 Project Leader's report, Mike McQuaid
+
+### Elections
+
+- 11:55–11:57 Election of the Project Leadership Committee
+
+  Jonathan Chang and Issy Long are elected.
+
+  <https://www.opavote.com/results/5937355983683584>
+
+- 11:57–12:00 Election of the Project Leader
+
+  Mike McQuaid elected by acclamation.
+- 12:00–12:10 Recess
+
+### Member presentations
+
+- 12:10–12:20 Shaun Jackman - Bottle hosting
+- 12:20–12:30 Daniel Nachun - Relocating bottles using binary patching
+- 12:30–12:35 Caleb Xu - Quickbrew: native compiled brew <https://github.com/alebcay/quickbrew>
+- 12:35–12:40 Rylan Polster - Renaming branches in Homebrew <https://github.com/Homebrew/brew/issues/10424>
+- 12:40–12:45 Michka Popoff - Merging the cores <https://github.com/Homebrew/brew/issues/7028>
+- 12:45–12:50 Michka Popoff - Linux CI for homebrew-core <https://github.com/Homebrew/brew/issues/10597>
+- 12:50–13:55 Misty De Meo - Running Homebrew on Apple Silicon
+- 12:55–13:00 Shaun Jackman - Speeding up install times / Git repo size <https://github.com/Homebrew/install/issues/523>
+
+- 13:10 Meeting adjourned
+
+## Motions
+
+### Motion to adopt the voting system
+
+#### Project Leader
+
+The Homebrew Project Leader will be chosen by holding a [Schulze Condorcet method](https://en.wikipedia.org/wiki/Schulze_method) election. This popular method of voting is used by several organizations such as Wikimedia, Debian and Ubuntu. The single highest-ranked candidate, who is preferred over every other candidate in pairwise comparisons, will be elected to become the Project Leader.
+
+Voting by proxy is permitted, and proxy votes count towards the quorum for the election.
+
+#### Project Leadership Committee (PLC)
+
+The Homebrew Project Leadership Committee will be chosen by holding a [Meek Single Transferable Vote (STV)](https://en.wikipedia.org/wiki/Counting_single_transferable_votes#Meek) election. The quota (threshold) of votes for a candidate to be elected will be calculated using the [Droop quota](https://en.wikipedia.org/wiki/Droop_quota).
+
+Voting by proxy is permitted, and proxy votes count towards the quorum for the election.

docs/_governance/2021-egm-minutes.md

@@ -0,0 +1,13 @@
+# Extraordinary General Meeting 2021
+
+## 2021-01-14
+
+Meeting convened at 20:00 UTC.
+
+Shaun Jackman moved to amend the governance document as per PR <https://github.com/Homebrew/brew/pull/10137>.
+
+Votes in favour: 32
+Votes opposed: 1
+The motion carries.
+
+Meeting adjourned at 20:07 UTC.