Proposal: Contributor Ladder

[jeffmendoza]

This is a rough draft for discussion. We can also adapt this to Scorecards with minor changes, then share a generalized version at the foundation level.

Name	Pre-reqs: Indicators to look for before promotion	Expectations	Recognition, Access, Effect of access
Contributor	One of: 1. Regular PRs for code/docs. 2. Regular feedback on discussion topics in issues/slack 3. Regular meeting attendance and contribution. For a period of time… (30-60 days?)	Continue pre-req.	Added as GitHub Outside Collaborator to repo. (read or triage: project specific?) Tests on PRs run automatically without approval
Approver	Regular PRs for code/docs of moderate to substantial impact. Participates in many high-level proposals and discussions.	Available to have PRs assigned to them for review: Will review within 1 business day, otherwise notifies team when unable to review (ooo, etc.) Responds to requests for input/discussion over issues and slack	Added as GitHub Outside Collaborator to repo with write/push access. Approves and merges PRs
Maintainer	Consistently drives the project through code, proposals, project direction, leadership, etc.	Responds and makes final decisions on all large proposals, features, architecture changes, design, documentation of project	Full access and ownership. Creates releases, and finalizes changelog updates, sends project update announcements.

Some notes:

• I’m only including "outside collaborator” access, as I have no idea the requirements to be added to the openssf org. AI: Figure out if we can incorporate org member at some level.
• Process for adding/removing members of levels is not covered, Will be handled by maintainer until a more formal process is needed.

[jeffmendoza]

Draft for recommended OpenSSF level ladder, to propose

Name	Pre-reqs: Indicators to look for before promotion	Expectations	Recognition, Access, Effect of access
Contributor	One of: 1. Regular PRs for code/docs. 2. Regular feedback on discussion topics in issues/slack 3. Regular meeting attendance and contribution. For a period of time…	Continue pre-req.	Added as GitHub Outside Collaborator to repo with read access. Tests on PRs run automatically without approval
Approver	Regular PRs for code/docs of moderate to substantial impact. Participates in many high-level proposals and discussions.	Available to have PRs assigned to them for review: Will review in a timely manner, otherwise notifies team when unable to review (ooo, etc.) Responds to requests for input/discussion over issues and slack	Added as GitHub Outside Collaborator to repo with write/push access. Approves and merges PRs
Maintainer	Consistently drives the project through code, proposals, project direction, leadership, etc.	Responds and makes final decisions on all large proposals, features, architecture changes, design, documentation of project	Full access and ownership. Creates releases, and finalizes changelog updates, sends project update announcements.

Recommended project tweaks: Add time for code review expectations. Consider if any release/changelog update tasks can be automated and/or handled by an approver.

[naveensrinivasan]

@jeffmendoza Thanks. This will help new contributors and encourage them.

The only concern I have is this

Available to have PRs assigned to them for review: Will review within 1 business day, otherwise notifies team when unable to review (ooo, etc.)

1 business day could be hard on anyone. Work, family, etc. I would recommend it to be 3.

[naveensrinivasan]

We could propose something like this to OSSF https://github.com/sigstore/community/blob/34e766c7404696797640f0f3a702bfff9d306eff/community-membership.md

cc @cpanato

[cpanato]

agree as well 1 business day is hard

let me know where i can help here :)

[jeffmendoza]

Thanks for the input. If someone is assigned a review, I think an expectation for a timely response is good. If they have obligations, a reply that they can't get to it immediately would be expected. In addition, calling these expectations vs requirements is significant. Each project can fine tune the exact number.

Maybe for Allstar we'll split the difference and go with 2 and see how that goes.

[jeffmendoza]

Closed with #339