Update governance #2197
Update governance #2197
Conversation
antoninbas
force-pushed
the
update-governance
branch
from
9711038
to
ba372fc
Compare
|
I am hoping that Github changes the permission model for Github actions in the near future, and that we can reduce permission level for members from "Write" to "Triage". |
Codecov Report
@@ Coverage Diff @@
## main #2197 +/- ##
==========================================
- Coverage 41.31% 41.28% -0.03%
==========================================
Files 139 139
Lines 17225 17225
==========================================
- Hits 7117 7112 -5
- Misses 9484 9487 +3
- Partials 624 626 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
|
antoninbas
force-pushed
the
update-governance
branch
from
ba372fc
to
96813af
Compare
|
/skip-all |
GOVERNANCE.md
Outdated
| duration of 12 months (no contribution of any kind), they may be removed from | ||
| the antrea-io Github organization. In case of privilege abuse (members receive | ||
| write access to the organization), any maintainer can decide to remove the | ||
| member. |
There was a problem hiding this comment.
I would suggest a minor change to require always a consensus of at least 2 maintainers before removing write access rights. This in order avoid situations where misunderstandings can lead maintainers to take actions that might be perceived incorrectly as it happened in a recent incident in the Linux kernel community.
There was a problem hiding this comment.
I'm a bit conflicted. I see your point and I did think about this originally. But my intent was to enable a maintainer to act swiftly, since write privileges can be abused in a somewhat disruptive way I think, even with branch protection.
Maybe I should rephrase it along these lines:
In case of privilege abuse (members receive write access to the organization), any maintainer can decide to disable write access temporarily for the member. Within the next 2 weeks, the maintainer must either restore the member's privileges, or remove the member from the organization. The latter requires approval from at least one other maintainer, which must be obtained publicly either on Github or Slack.
What do you think?
* switch to cncf-antrea-maintainers@lists.cncf.io as the maintainers mailing list * use the CNCF code of conduct * define antrea-io Github org membership and how to become a member * clarify PR merging process Signed-off-by: Antonin Bas <abas@vmware.com>
Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas
force-pushed
the
update-governance
branch
from
96813af
to
980aba5
Compare
|
/skip-all |
mailing list