Foundation groups documentation audit #162

Closed
SecurityCRob opened this issue May 13, 2023 · 10 comments
Labels: administration, documentation, For Review, help wanted

Comments

@SecurityCRob
Contributor

A short-lived working committee should be created under the TAC for the purpose of conducting a review to ensure existence, consistency, and accuracy for all Foundation group documentation (TAC, WG, SIG, SIF, AP, Committees, etc.). This should include, but not be limited to, the following artifacts:

  • clear readme.md file that provides overview of group, with meeting times, communication channels, all active & past work, and areas where contributions are desired, any sub-groups affiliated with the higher-level working group, group leader(s), designated TAC liaison that assists the group
  • a clearly discoverable list of active members, their project level (maintainer, collaborator, contributor, etc) as well as membership criteria and voting procedures
  • an up-to-date and approved group charter.md
  • a security.md file that documents project defect and vulnerability reporting process (sourced from approved foundation template)
  • other artifacts or documentation that is deemed necessary by the committee
@SecurityCRob added the documentation, help wanted, administration, and For Review labels on May 13, 2023
@hythloda
Member

hythloda commented May 16, 2023

This was brought up in the TAC with @steiza @jchestershopify @lehors @hythloda volunteering to help
Do want a zoom meeting to get this started? Or async?

@lehors
Contributor

lehors commented May 24, 2023

It's not that I really want a zoom meeting (who does?? :) but I think we may need it to get things really going. Otherwise I fear time will just go by without anything happening.

@jchester

A nit: the best handle to use for me right now is this one; @jchestershopify is (as the name suggests) tied to my previous work for Shopify.

@di
Member

di commented May 30, 2023

For projects of the OpenSSF, should we add a "contributor ladder" to the list of artifacts? AFAIK Allstar is the only project that approaches this, I think this would be good to roughly standardize across all projects.

@bobcallaway
Contributor

> For projects of the OpenSSF, should we add a "contributor ladder" to the list of artifacts? AFAIK Allstar is the only project that approaches this, I think this would be good to roughly standardize across all projects.

sigstore also publishes one: https://github.com/sigstore/community/blob/main/MEMBERSHIP.md

@di
Member

di commented May 30, 2023

Aha, thanks. (We might also want to align on what this document is called, to help with discoverability 😉)

@di
Member

di commented May 30, 2023

Perhaps this is also an opportunity to make a template repository that can be used for new GitHub repositories?

@hythloda
Member

hythloda commented Jun 1, 2023

We have a WIP proposal for what sections each should have. We would love comments!

@jeffmendoza
Member

Allstar can enforce security.md and branch protection currently. We can add more features as needed as well.

@SecurityCRob
Contributor Author

As TIs are reporting in quarterly, part of that process is a docs review/check to ensure that group has completed all the necessary tasks. This review should be complete by the end of Q3.
