community : Contributor ladder #305
Comments
|
We don't have anything defined as each project has autonomy to manage its own maintainers (codeowners). As a general guide, I myself view a maintainer as someone who regularly helps review code, finds and resolves bugs and adds features. A good candidate is someone who has a consistent presence in the project. I hope that helps and sorry for not being more specific. Currently a lot of your contributions (of a varied type) are towards cosign, so that looks like a good trajectory towards being a maintainer. |
|
Good to know. Thanks,I would like and being interested in becoming a maintainer now. |
|
I kind of miss having something like peribolos to manage permissions across an org, but don't really want to have to setup prow just for that. @cpanato do you know of any way to do that easier? |
I did this: https://github.com/cpanato/pulumi-github-sync and implemented it at mattermost, it is working just fine and easy to deploy and get those up and running |
|
Nice! do you think we can give it a try on one project? Cosign could use this as a start. |
|
yes! can we create a new repo that I can push the code and set up? can we don't need to connect to the pulumi UI, we can use GCP Storage as the state storage I will ping you in the sigstore slack |
|
Thanks! I realize this doesn't solve the actual contributor ladder problem, but it at least makes it so the mechanics of joining as a contributor are clearly defined and transparent. We can figure out the hard part next :) |
Pulumi is cool. But the stack would be in a personal Pulumi account and cannot be shared amongst members unless a paid account. How is this going to be handled? |
|
we will not use the pulumi account, we will store the state in the gcp storage, we will miss some nice features, but that will work fine for us |
@dlorenc -- Indeed! Could we move this discussion to sigstore/community#53? As for a contributor ladder and some context, I opened a similar issue to this a little while ago in scorecard: ossf/scorecard#1529 I haven't "figured it out" just yet, but some suggestions I'll make around it, based on previous experiences/systems/orgs I currently work in (stares at kubernetes)...
I've linked a bunch from Kubernetes, but I'd be remiss if I didn't call out the CNCF TAG Contributor Strategy body of work, a lot of which we drew from our experiences in Kubernetes and other OSS communities: https://contribute.cncf.io/maintainers/ |
|
i was speaking with Dan to re-use some docs/process from he k8s :D |
Feel free to tag me for reviews, as this is something I'm planning to do for scorecard and friends and hopefully something lightweight/generic enough to use for all of OpenSSF. |
|
w.r.t. contributing guides, I'm in the midst of rewriting the one for Kubernetes SIG Release, which I think is coming along pretty nicely: kubernetes/sig-release#1862 |
|
In terms of actually operationalizing this request, what I'd likely do is approve, add @naveensrinivasan to the org, create a team for triagers/reviewers, and give that team
|
+1, approve! |
I like this as well. That way contributors can first go to triage and we bring on new codeowners when there is a real need (lack of reviewers who can merge). This way we can have people recognised and have some ability to help out with housekeeping, but we don't end up with large codeowner grants. |
Friendly ping! |
|
Invite sent! |
|
Reopening to track the rest of the ladder process :) |
|
Does this mean @naveensrinivasan (or whoever we add) has triage over all projects in the org, or just sigstore/sigstore? |
|
Just sigstore/sigstore |
|
I'm going to work on the docs this week |
|
closing as now tracked in sigstore/community#54 |
Description
I am opening this to ask if there's a contributor ladder defined for sigstore.
How do I become an org member?
I would be happy to help do PR's reviews here, hoping to work towards maintainership.
previous contributions - mainly fuzzing sigstore and integrating with oss-fuzz
PR's in sigstore
oss-fuzz and actively maintaining the oss-fuzz issues
Issues in sigstore
https://github.com/sigstore/sigstore/issues?q=is%3Aissue+author%3Anaveensrinivasan
PR's in cosign
Issues in cosign
https://github.com/sigstore/cosign/issues?q=is%3Aissue+author%3Anaveensrinivasan+
PR's rekor
https://github.com/sigstore/rekor/pulls?q=author%3Anaveensrinivasan
Issues in rekor
https://github.com/sigstore/rekor/issues?q=author%3Anaveensrinivasan
cc @lukehinds @dlorenc @bobcallaway
The text was updated successfully, but these errors were encountered: