tag-security
[Proposal] Revamp triage team/system
Description:
Change the way that triage is done for the repo today. Due to the increase in the number of issues, PRs and members, the usual ad-hoc triage system tends to result in some issues slipping through the cracks or not getting sufficient follow-up.
Impact:
This will help the repository in general, and allow issues in the community to be given the appropriate attention and handling.
Scope:
This will include changes to the triage team definition in governance/roles.md as well as definition of labelling system and addition of several bots that can help automate some of the triage process. This would likely result in creation of several new roles to help distribute duties over the plethora of issues.
This will likely take 1-2 weeks to generate a proposal; implementation of the system and fulfillment of roles will be another 1-2 weeks.
TO DO
- [ ] SIG Representative
- [ ] Project leader(s)
- [ ] TBD
We need to define when it's okay to close stale issues versus backlog them.
I've been thinking of asking about a how-to triage session with someone experienced to review expectations, policy, tooling and general flow. The idea may be overwrought, but for me I would welcome it. Additionally, places I've been have only used GitHub in a supplemental way, so my sophistication with the native tasking/workboards/flow is a work in progress.
Happy to walk through how I've been triaging things. Maybe at a future meeting. @lumjjb thoughts?
Yea - agreed, we should definitely have a session on this. We can center around the discussion of the new proposal, which will provide good background context.
Triage till now has been more of an "art", if you could call it that; it's based very loosely around https://github.com/cncf/tag-security/blob/main/governance/roles.md#triage-team.
Can we try to complete documentation of current process before revamping it? I think there are some cases where the process isn't being followed and other cases where maybe the process is not good or just not well-defined.
I suggest we start by trying to finalize https://github.com/cncf/tag-security/pull/545 -- in trying to review that, I realized there's quite a bit that was never written down and other parts that changed from what worked well when the group was only a dozen people. I attempted to write down my current understanding as a PR to @TheFoxAtWork's PR here: https://github.com/TheFoxAtWork/tag-security/pull/3
Create a Roadmap label (for things on the roadmap) and a TOC label (for things that are TOC asks or reported to the TOC).
Proposal template should include a checkbox for the submitter to indicate their willingness to be the project lead.
If the checkbox is not completed when the proposal is submitted, then during Triage it is downgraded to a suggestion.
The proposal template should also be updated to include a checklist of the items called out in #609
Triage meetings are to be bi-weekly. We'd like a non-STAG-leadership person to lead this. That lead gets push access to edit issues, etc., with an assigned STAG leader to assist initially.
We ended up deciding to merge triage meeting into every-other-week working session, and @TheFoxAtWork edited meeting template with what was discussed in the meeting
Per conversation at the meeting, changed to suggestion, but maybe I should have asked first... anyone want to lead this effort?
@chasemp I know you expressed some interest in this before; is this something that you'd like to be a lead on?
This issue has been automatically marked as inactive because it has not had recent activity.
Recommend #672 be modified to place triage responsibilities on Security TAG Leadership as part of their regularly scheduled TL/Co-Chair meeting to expedite issue decisions and PR merging.
This issue has been automatically marked as inactive because it has not had recent activity.
removing stale label, still needs lead discussion on this governance process.
This issue has been automatically marked as inactive because it has not had recent activity.
While there is still room for improvement, this has been subsumed by the delegated responsibility of triage amongst chairs and TLs, which often occurs during leadership sync-ups. Something to look into in the future is a triage lead rotation.