
Proposal: Contributor Ladder

Open jeffmendoza opened this issue 3 years ago • 5 comments

This is a rough draft for discussion. We can also adapt this to Scorecards with minor changes, then share a generalized version at the foundation level.

| Name | Pre-reqs: Indicators to look for before promotion | Expectations | Recognition, Access, Effect of access |
| --- | --- | --- | --- |
| Contributor | One of: 1. Regular PRs for code/docs. 2. Regular feedback on discussion topics in issues/slack 3. Regular meeting attendance and contribution. For a period of time… (30-60 days?) | Continue pre-req. | Added as GitHub Outside Collaborator to repo. (read or triage: project specific?) Tests on PRs run automatically without approval |
| Approver | Regular PRs for code/docs of moderate to substantial impact. Participates in many high-level proposals and discussions. | Available to have PRs assigned to them for review: Will review within 1 business day, otherwise notifies team when unable to review (ooo, etc.) Responds to requests for input/discussion over issues and slack | Added as GitHub Outside Collaborator to repo with write/push access. Approves and merges PRs |
| Maintainer | Consistently drives the project through code, proposals, project direction, leadership, etc. | Responds and makes final decisions on all large proposals, features, architecture changes, design, documentation of project | Full access and ownership. Creates releases, and finalizes changelog updates, sends project update announcements. |

Some notes:

  • I’m only including "outside collaborator" access, as I have no idea the requirements to be added to the openssf org. AI: Figure out if we can incorporate org member at some level.
  • Process for adding/removing members of levels is not covered, will be handled by maintainer until a more formal process is needed.

jeffmendoza, Jul 14 '22 18:07

Draft for recommended OpenSSF level ladder, to propose

| Name | Pre-reqs: Indicators to look for before promotion | Expectations | Recognition, Access, Effect of access |
| --- | --- | --- | --- |
| Contributor | One of: 1. Regular PRs for code/docs. 2. Regular feedback on discussion topics in issues/slack 3. Regular meeting attendance and contribution. For a period of time… | Continue pre-req. | Added as GitHub Outside Collaborator to repo with read access. Tests on PRs run automatically without approval |
| Approver | Regular PRs for code/docs of moderate to substantial impact. Participates in many high-level proposals and discussions. | Available to have PRs assigned to them for review: Will review in a timely manner, otherwise notifies team when unable to review (ooo, etc.) Responds to requests for input/discussion over issues and slack | Added as GitHub Outside Collaborator to repo with write/push access. Approves and merges PRs |
| Maintainer | Consistently drives the project through code, proposals, project direction, leadership, etc. | Responds and makes final decisions on all large proposals, features, architecture changes, design, documentation of project | Full access and ownership. Creates releases, and finalizes changelog updates, sends project update announcements. |

Recommended project tweaks: Add time for code review expectations. Consider if any release/changelog update tasks can be automated and/or handled by an approver.

jeffmendoza, Jul 19 '22 18:07

@jeffmendoza Thanks. This will help new contributors and encourage them.

The only concern I have is this

> Available to have PRs assigned to them for review: Will review within 1 business day, otherwise notifies team when unable to review (ooo, etc.)

1 business day could be hard on anyone. Work, family, etc. I would recommend it to be 3.

naveensrinivasan, Jul 26 '22 14:07

We could propose something like this to OSSF https://github.com/sigstore/community/blob/34e766c7404696797640f0f3a702bfff9d306eff/community-membership.md

cc @cpanato

naveensrinivasan, Jul 26 '22 15:07

agree as well 1 business day is hard

let me know where i can help here :)

cpanato, Jul 28 '22 08:07

Thanks for the input. If someone is assigned a review, I think an expectation for a timely response is good. If they have obligations, a reply that they can't get to it immediately would be expected. In addition, calling these expectations vs requirements is significant. Each project can fine-tune the exact number.

Maybe for Allstar we'll split the difference and go with 2 and see how that goes.

jeffmendoza, Jul 29 '22 17:07

Closed with #339

jeffmendoza, Mar 30 '23 18:03