toc icon indicating copy to clipboard operation
toc copied to clipboard

Published 20 hours ago verified publisher icon cncf

Add a formal Govenance review to Graduating DD

Open jberkus opened this issue 2 years ago • 8 comments

TOC,

One of the requirements for a project reaching graduated is for it to be employer-neutral. As such, the Governance WG of TAG-Contributor-Strategy frequently gets asked either by the TOC or by a project lead, informally, to review project governance.

Given this, it would make sense to simply add a statutory requirement that all Graduated applications need to include a review and signoff from TAG-Contributor Strategy that the project has open and neutral governance. This would be similar to the security review that TAG-Security does. Since this is something we're already informally doing, TAG-CS can staff this.

jberkus avatar Dec 05 '22 17:12 jberkus

I won't be able to make today's call. Sounds good to me, though.

RichiH avatar Dec 06 '22 04:12 RichiH

Looks good to me.

cathyhongzhang avatar Dec 06 '22 16:12 cathyhongzhang

@jberkus Thanks for the proposal and for the governance reviews. We talked about it and there are a number of things we would ideally like.

  • Good examples of project governance
  • A description of what project governance should include
  • Mentoring/guidance along the way to help people with their governance.

The graduation criteria is where governance is required. We want there to be governance that's followed before a project graduates. So, when a project gets to incubation it would be great for them to have material and guidance for them to get a good governance operating prior to applying for graduation.

As for signoff on governance at graduation, the TOC wants to keep that. If there is good source material and guidance (where needed) it should go a lot way toward helping projects. As for an informal review, the way the Security TAG review is handled now, this is something we are discussing.

mattfarina avatar Jan 11 '23 14:01 mattfarina

@mattfarina have you taken a look at the governance documentation we already have at contribute.cncf.io? What do you feel is missing? We have one template document that's still pending ... what else do we need?

jberkus avatar Jan 13 '23 01:01 jberkus

One of the requirements for a project reaching graduated is for it to be employer-neutral.

Where is that requirement documented? Is it an extrapolation from the criteria to "Have committers from at least two organizations"?

craigbox avatar Mar 08 '23 02:03 craigbox

I think this could actually be more helpful at the incubation level where the review is done and a checklist could be created. As the project matures towards graduation, it could also work through this governance checklist and part of the graduation review could be checking if the project has gone through all of the updates. Since governance is not a fast moving topic, having it so late in the process doesn't really make sense to me.

xmulligan avatar Mar 09 '23 07:03 xmulligan

@xmulligan I would suggest there should be reviews at both incubation and graduated, reflecting the different expectations for each level. My reading (admittedly somewhat between the lines in places) is that for incubation there should be solid governance process in place, but a project can still be de facto controlled by a single vendor, e.g. the majority of maintainers come from one company; whereas, for graduation, you should be in a position where any single vendor could drop out, but the project itself would continue (I am not sure all currently graduated projects would pass that test).

ahrkrak avatar Mar 04 '24 20:03 ahrkrak

with the new graduation/incubation templates I think this can probably be closed as projects will probably need a review to meet all of the requirements or they can check it off on their own

xmulligan avatar May 02 '24 15:05 xmulligan