meta: github organization management policy #219
Conversation
Github-Org-Management-Policy.md
Outdated
|
|
||
| Individual users within a GitHub organization may be granted one of three | ||
| distinct roles: Member, Owner, or Billing manager. The permissions granted | ||
| to each role are documented in the GitHub documentated [Permission levels for |
There was a problem hiding this comment.
Nit: hyphenate as GitHub-documented or (better, in my opinion) just remove that as it's not really relevant: documented at https://help.github.com/articles/permission-levels-for-an-organization/.
There was a problem hiding this comment.
agree with removing, this was confusing to read
Github-Org-Management-Policy.md
Outdated
| All voting members of the Node.js TSC shall have Owner permissions within the | ||
| Node.js Foundation GitHub Organization. Additional users may be granted Owner | ||
| permissions at the discretion of the TSC through normal TSC motion and simple | ||
| majority vote. |
There was a problem hiding this comment.
This is a change from the current situation. Right now, all members of the CTC are Owners. Is this an intentional change? If so, what's the reason for changing things?
There was a problem hiding this comment.
Nope, just put something down so it can be discussed. We have never had a formalized policy on this so it's a point we need to decide on.
There was a problem hiding this comment.
Is the goal here to document where we're currently at, or where we want to go? I recall chats with various folks about beefing up the bot so that there is less of a need to hand out owner permissions, which I think is a good thing. That said, we're not to that point yet with the bot.
There was a problem hiding this comment.
@nebrius ... both :-) The goal is primarily to have a set policy in place. Part of that may be establishing a guideline where one does not currently exist, or improving on existing practice to make it more robust.
There was a problem hiding this comment.
kk. Down the road, I think it would be good to sort of create our own roles that correspond to access levels within the bot, and then start getting really stringent on who we give ownership rights too (like, not even TSC by default)...but we're not ready for that yet, so it's probably premature to bake that language in now, given that we want to do both.
There was a problem hiding this comment.
All CTC members are not Org owners at this time. Some are but most were added before the TSC/CTC split.
What exactly do we want people to have access to that they only have if they are org owners?
What worries me about these 1-to-1 mappings are that they end up increasing the barrier to adding people to these groups and load them up with concerns unrelated to why they may be wanted on the TSC/CTC.
There was a problem hiding this comment.
All CTC members are not Org owners at this time.
Current Org owners are all 19 members of the CTC + @mikeal. https://github.com/orgs/nodejs/people?utf8=%E2%9C%93&query=role%3Aowner
There was a problem hiding this comment.
I'd like to also mention the CommComm here again. As a group with equal organizational standing under the board, ownership should not be exclusive to TSC and CTC members.
There was a problem hiding this comment.
Judging from nodejs/CTC#97, it seems to make sense to have CTC members as org owners; and reading through our moderation policy, it seems like TSC members should be owners too, since they are the ones that are allowed to take github org-wide actions (“Only a TSC member may Remove or Ban an individual from the Node.js GitHub Organization”).
I’m not sure how that works for the CommComm anyway… it would currently fall under TSC moderation, right? That doesn’t seem intended.
There was a problem hiding this comment.
Well, the moderation policy and other bits existed before the CommComm did so it was impossible to take those into consideration really. The intent prior to the formation of the CommComm was for the Github organization to be directed operationally by the TSC in nearly every aspect. This notion that it would be co-managed by both is new and is not something that I think has been fully digested. We need to take some time to understand what exactly it means and what the ramifications are. I'm sure there are also concerns. For instance, what happens if the CommComm adopts a different moderation policy than the TSC, which one applies in any given instance if the GitHub organization is being managed by both? It can be a tricky exercise.
One suggestion that has been made in a couple of conversations I've had is that it may be easiest for the Community Committee to actually maintain it's own separate GitHub organization, much the same way that the Express project and libuv maintain their own GitHub organizations. There's absolutely nothing that requires the CommComm to use the existing github.com/nodejs organization. It may be the easiest and least controversial approach to take.
Github-Org-Management-Policy.md
Outdated
| ### Members | ||
|
|
||
| GitHub users may be granted Member status in the Node.js Foundation GitHub | ||
| Organization by any Owner. |
There was a problem hiding this comment.
This makes it sound like Owners can add Members at their whim. I'd prefer there be criteria, especially if we're going to continue the practice of providing all Members with access to the moderation repo.
There was a problem hiding this comment.
Right now, as far as I know, people are added as members when they need to be added to a GitHub team within the organization.
For the collaborators team, that happens when they are being onboarded as a Collaborator.
For teams that correspond to working groups, that happens when they've been accepted as members of the working group.
For teams that correspond to localization groups, that happens basically when they ask to join. "Hey, you want to join the Freedonian Localization team? DONE!" (Aside: How active are the localization groups? I don't get the impression that they're very active, but maybe some of them are and it's just not visible to me?)
There was a problem hiding this comment.
Need to see if we can formalize this into specific policy language. Perhaps...
GitHub users may be granted Member status in the Node.js Foundation GitHub
Organization by any Owner when:
* The user is being onboarded as a Collaborator in any Node.js Foundation repository
* The user is accepted as a member of any Node.js Working Group or team.
There was a problem hiding this comment.
Mostly 👍 on that. Just a nit on the first bullet point: The Collaborator role is specific to the main repo as far as I know, so we can just specify that repo.
The second bullet point seems to accurately reflect current practice as best as I can tell.
There was a problem hiding this comment.
I agree that the second bullet point is what happens. It's quite informal in respect to how people are added to some teams so we might say:
- The user is accepted as a member of any Node.js Working group or added to any of our github teams.
There was a problem hiding this comment.
First of all, all of the comments are out of line with the existing processes.
Second, we allow individual WGs to define their own criteria and process for adding members (which in-turn become org members). What we should not do is define a process here that restricts their ability to continue to define and add members at their own discretion.
If the document is to remain purely administrative it would say something along the lines of "GitHub users are added to the org when they are added to a Working Group. Org Owners should add new members to orgs/teams when requested by a WG."
Github-Org-Management-Policy.md
Outdated
| ## Repositories | ||
|
|
||
| Any organization member may create new repositories within the Node.js | ||
| Foundation GitHub Organization. Any such repository is considered to be a |
There was a problem hiding this comment.
Nit: remove considered to be. Either it is actually under the ownership of the Node.js Foundation or it is not.
Github-Org-Management-Policy.md
Outdated
|
|
||
| All Billing managers for the Node.js Foundation GitHub Organization shall | ||
| be determined by the Node.js Foundation Board of Directors with notification | ||
| given to the TSC. |
There was a problem hiding this comment.
Billing manager == someone who pays the bills?
There was a problem hiding this comment.
Yes, this is a role specifically defined by GitHub. The Node.js Foundation org account currently does not have anyone assigned to this role.
There was a problem hiding this comment.
Our org is free, comp'd because we are a non-profit (and because we sort of helped out GitHub in beta testing their new orgs a year or so back).
This email address may still be used if you're trying to recover an org someone has taken over but that may be an outdated notion, possibly before the new orgs system, because any Owner can swap out that value now so it wouldn't make a very good recovery attribute.
Github-Org-Management-Policy.md
Outdated
| Foundation GitHub Organization. Any such repository is considered to be a | ||
| project under the ownership of the Node.js Foundation, and thereby subject | ||
| to the Intellectual Property and Governance policies of the Foundation under | ||
| the operational direction of the TSC. |
There was a problem hiding this comment.
I read this as all repos are automatically under the TSC, however in practice we have some repos that are not under the TSC (community, board, etc). How does this play in to the scope of the TSC? What if one of these new repos doesn't fit into that scope?
I wonder if it would make more sense to have them default to falling under the board, and then officially brought under the TSC via some sort of explicit process (vote in a meeting?) so that we can vet them for scope.
@williamkapke I'm especially curious to hear your thoughts on this.
There was a problem hiding this comment.
I see no conflict here with regards to those. They are essentially just spaces carved out to help with general operation of Foundation initiatives. The TSC essentially delegates responsibility for those repositories to the Foundation. If the Foundation needs operational oversight of those (for instance, if the Foundation needs to designate someone with owner permissions in the Org specifically for those repositories), then a simple request to the TSC is made to add that owner.
There was a problem hiding this comment.
The goal here should be to:
- Reduce barriers to spinning off existing work into a sub-project.
- Reduce barriers to spinning up new organizational efforts (non-code repos).
- But also restrict new out-of-scope code projects from being taken on within the org and verify they follow the right legal process when they do.
It's hard to do all of these simultaneously.
Github-Org-Management-Policy.md
Outdated
| Organization without standard TSC motion and simple majority vote. In certain | ||
| cases, Node.js Foundation Board of Director approval may also be required. | ||
|
|
||
| All repositories must have a README that clearly identifies the purpose of the |
There was a problem hiding this comment.
Maybe link here to https://github.com/nodejs/TSC/blob/master/WORKING_GROUPS.md and add a blurb about starting a WG?
There was a problem hiding this comment.
Would be great if we could get some guidelines written up and what every README should include so people aren't just trying to figure this out as they go.
There was a problem hiding this comment.
nit: Board of Directors*
Github-Org-Management-Policy.md
Outdated
| ### Members | ||
|
|
||
| GitHub users may be granted Member status in the Node.js Foundation GitHub | ||
| Organization by any Owner. |
There was a problem hiding this comment.
I agree that the second bullet point is what happens. It's quite informal in respect to how people are added to some teams so we might say:
- The user is accepted as a member of any Node.js Working group or added to any of our github teams.
Github-Org-Management-Policy.md
Outdated
| the operational direction of the TSC. | ||
|
|
||
| No repository may be transfered into the Node.js Foundation GitHub Organization | ||
| without standard TSC motion and simple majority vote. |
There was a problem hiding this comment.
I think we had agreed that there would be some level of board consultation when transferring in, with at least a FYI for smaller components/projects
There was a problem hiding this comment.
I think where we landed on that was:
- Anything outside the new "TSC Scope" would be reviewed by the board prior to being moved in.
- Anything within the "TSC Scope" can happen without a board approval but the board should still be notified.
Github-Org-Management-Policy.md
Outdated
| All repositories must have a README that clearly identifies the purpose of the | ||
| repository, and governance documentation that details how the repository is | ||
| managed. | ||
|
|
There was a problem hiding this comment.
I think we should also be explicit here that it needs to have a license covering the content in the repo and that the license should be in the 'Ok' list unless there is approval from the TSC prior to the repo being created/pulled in.
There was a problem hiding this comment.
@mhdawson Many repos have no content and are only used for their Issue tracker. If a repo has code in it we definitely need a license but also need a bunch of other stuff (DCO, Governance, etc).
Github-Org-Management-Policy.md
Outdated
| All voting members of the Node.js TSC shall have Owner permissions within the | ||
| Node.js Foundation GitHub Organization. Additional users may be granted Owner | ||
| permissions at the discretion of the TSC through normal TSC motion and simple | ||
| majority vote. |
There was a problem hiding this comment.
I'd lean towards leaving it at CTC+TSC members and then narrow down once we have the required automation in place.
|
I have some high level concerns about this document. It seems like we're writing a policy that maps governance bodies, which have direct responsibilities to parts of the project, to current GitHub permission architectures. For instance, "GitHub users may be granted Member status in the Node.js Foundation GitHub Organization by any Owner." That's just an explanation of the current GitHub permission system, not a statement of what our current or intended policy is for adding people to the org. In reality, people are proposed to be added to WGs all the time and, once that WG agrees to add them, all of those people are added to the WG team and the org. Currently, this is a manual process but it could, and definitely should, be automated. We have two repositories, security and secrets, which we should limit access to as much as possible. The secrets repo in particular should have the bare minimum number of users with access. The more org owners we add the more people have access to that repository. I don't think we want to be in a situation where adding people to the TSC has a side effect of multiplying attack vectors on the project's infrastructure. I don't think we want to view increasing the membership of the TSC as decreasing the security of the project. I also don't think that we want to outline how the project should function, in terms of process and governance, and bind it so directly to how GitHub operates. If we can automate or work around GitHubs processes and permission structure we should do just that (and in fact we already do this all the time). If we take a step back and think about how we ideally want to see the org function I don't think it would look like this document. Instead, it would look like something that isn't immediately achievable with GitHub's permission system and with which we have to implement a few workarounds and automation, but that's not too difficult and in many cases is something we are already doing in practice. |
Github-Org-Management-Policy.md
Outdated
|
|
||
| ## Repositories | ||
|
|
||
| Any organization member may create new repositories within the Node.js |
There was a problem hiding this comment.
This seemingly conflicts with the TSC README which seems to indicate that TSC folks create repositories. Does this really mean that any of the hundreds of people in the nodejs org should feel empowered to create new repositories within the Node.js GitHub org? If not, revise the wording for more clarity on that.
There was a problem hiding this comment.
My current thinking is that any collaborator should be able to create a repository so long as there are no objections from CTC or TSC. Essentially, the collaborator who wants to create a repository would open an issue in either nodejs/ctc or nodejs/tsc and ask. If there are no objections after 48 hours, then go forth and create.
There was a problem hiding this comment.
Maybe this PR should update the List of TSC Responsibilities section of the main README.md to change this:
Creating new repositories and projects under the nodejs GitHub organization as required
...to something more like:
Reviewing and approving proposed repositories and projects under the nodejs GitHub organization as required
There was a problem hiding this comment.
Thanks for kicking this off @jasnell! I made a few remarks. Mostly, I would like to indicate that the CommComm was missing from this. Additionally, I think this should also include (at least brief mention) of the implications that these permissions levels have for moderation.
Github-Org-Management-Policy.md
Outdated
|
|
||
| The Node.js Foundation Github Organization (https://github.com/nodejs) is | ||
| provided as a development resource by the Node.js Foundation under the | ||
| operational direction of the Node.js Technical Steering Committee (TSC). |
There was a problem hiding this comment.
This line would suggest that operations are directed exclusively by the TSC, however, since the CommComm is on equal footing under the Board and also uses the GitHub repo, I feel like it should be listed here. I also wonder if that relationship is part of what this document is sussing out, and something we should further discuss!
There was a problem hiding this comment.
That is part of it yes. This is intended specifically to begin tracing out those lines and figuring out how things should evolve. This initial take was meant just to give us some wording to kick around as we fill in the details.
Github-Org-Management-Policy.md
Outdated
|
|
||
| Individual users within a GitHub organization may be granted one of three | ||
| distinct roles: Member, Owner, or Billing manager. The permissions granted | ||
| to each role are documented in the GitHub documentated [Permission levels for |
There was a problem hiding this comment.
agree with removing, this was confusing to read
Github-Org-Management-Policy.md
Outdated
| All voting members of the Node.js TSC shall have Owner permissions within the | ||
| Node.js Foundation GitHub Organization. Additional users may be granted Owner | ||
| permissions at the discretion of the TSC through normal TSC motion and simple | ||
| majority vote. |
There was a problem hiding this comment.
I'd like to also mention the CommComm here again. As a group with equal organizational standing under the board, ownership should not be exclusive to TSC and CTC members.
Github-Org-Management-Policy.md
Outdated
| Organization without standard TSC motion and simple majority vote. In certain | ||
| cases, Node.js Foundation Board of Director approval may also be required. | ||
|
|
||
| All repositories must have a README that clearly identifies the purpose of the |
There was a problem hiding this comment.
nit: Board of Directors*
jasnell
force-pushed
the
github-org-policy
branch
from
341894c
to
8f1199a
Compare
|
@nodejs/tsc @nodejs/community-committee ... fairly sizable update on this based on the feedback. Again, this is intended to give language that we can kick around until we get something that works. This captures both existing policy and new policy that needs to be carefully thought through. If there are bits in here that simply do not work, please speak up and say so. It is most helpful if such comments also include suggestions for improvement ;-). Thanks all. |
Github-Org-Management-Policy.md
Outdated
| a project under the ownership of the Node.js Foundation, and thereby subject | ||
| to the Intellectual Property and Governance policies of the Foundation. | ||
|
|
||
| No repository may be deleted, transfered in to, or transfered out of, the |
| The Node.js Foundation Github Organization (https://github.com/nodejs) is | ||
| provided as a development resource by the Node.js Foundation under the | ||
| joint operational direction of the Node.js Technical Steering Committee (TSC) | ||
| and Node.js Foundation Community Committee (CommComm). |
There was a problem hiding this comment.
Since we're listing out owners, I believe this should be "Node.js Technical Steering Committee (TSC), Node.js Foundation Community Committee (CommComm), and the Node.js Foundation Board," since there are a few repos (nodejs/board, nodejs/live.nodejs.org, others?) that are directly operated by the board.
Github-Org-Management-Policy.md
Outdated
| after 72 hours. If any objection is made, the request may be moved to a single | ||
| vote in which a simple majority of both the TSC and CommComm is required to | ||
| approve. Such requests must be posted as issues to either the nodejs/TSC or | ||
| nodejs/community-committee repositories. |
There was a problem hiding this comment.
Is the idea here that people would request access via the TSC or CommComm based on who is closer to their area? e.g. a CTC or TSC member would request through the TSC, while a CommComm member would request through CommComm? Should the other committee be notified when one committee receives a request? (I can see arguments both ways)
I don't think we should formalize any of this in this doc (I'd prefer to keep it more generic and flexible), I just want to make sure I understand the idea behind it.
There was a problem hiding this comment.
If we do this we should likely document the process in a CTC onboarding doc
Github-Org-Management-Policy.md
Outdated
| organization shall be maintained *unless* the individual is also no longer a | ||
| voting member of either the TSC or Community Committee. | ||
|
|
||
| An individuals Owner permissions shall be automatically removed if they are no |
There was a problem hiding this comment.
nit: need an apostrophe in individual's
Github-Org-Management-Policy.md
Outdated
| after 72 hours. If any objection is made, the request may be removed to a single | ||
| vote in which a simple majority of both the TSC and CommComm is required to | ||
| approve. Such requests must be posted as issues to either the nodejs/TSC or | ||
| nodejs/community-committee repositories. |
There was a problem hiding this comment.
When someone makes a request, is the idea that the committee who received the request would become the owner of that repo? I may be overthinking this, but do we need to be concerned with someone requesting a new repo from one committee, getting turned down, and then requesting from the other committee as a way to get around the first?
| All repositories must have a README that clearly identifies the purpose of the | ||
| repository, governance documentation that details how the repository is managed, | ||
| and an indication of whether the repository falls under the operational | ||
| direction of either the TSC or CommComm. |
There was a problem hiding this comment.
I believe this should read "TSC, CommComm, or the CTC" since the CTC can have working groups under it.
There was a problem hiding this comment.
@nebrius iiuc CTC activities are just delegated from the TSC, from an outside or board view all of that falls under TSC responsibility, so I think the phrasing here is correct as it is
Github-Org-Management-Policy.md
Outdated
| after 72 hours. If any objection is made, the request may be moved to a single | ||
| vote in which a simple majority of both the TSC and CommComm is required to | ||
| approve. Such requests must be posted as issues to either the nodejs/TSC or | ||
| nodejs/community-committee repositories. |
There was a problem hiding this comment.
If we do this we should likely document the process in a CTC onboarding doc
Github-Org-Management-Policy.md
Outdated
| Upon the completion of the TSC Director, TSC Facilitator, or elected individual | ||
| member representative's terms, their Owner permissions within the GitHub | ||
| organization shall be maintained *unless* the individual is also no longer a | ||
| voting member of either the TSC or Community Committee. |
There was a problem hiding this comment.
this and the below paragraph seem to contradict each other if an elect individual member is also on CTC
Github-Org-Management-Policy.md
Outdated
|
|
||
| Any repository created under the Node.js GitHub Organization is considered to be | ||
| a project under the ownership of the Node.js Foundation, and thereby subject | ||
| to the Intellectual Property and Governance policies of the Foundation. |
There was a problem hiding this comment.
Should we specify license expectation here?
Github-Org-Management-Policy.md
Outdated
| after 72 hours. If any objection is made, the request may be removed to a single | ||
| vote in which a simple majority of both the TSC and CommComm is required to | ||
| approve. Such requests must be posted as issues to either the nodejs/TSC or | ||
| nodejs/community-committee repositories. |
There was a problem hiding this comment.
This should be documented in Collaborators guide
Github-Org-Management-Policy.md
Outdated
| No repository may be deleted, transfered in to, or transfered out of, the | ||
| Node.js Foundation GitHub Organization without a simple majority vote of both | ||
| the TSC and CommComm. In certain cases, Node.js Foundation Board of Directors | ||
| approval may also be required. |
There was a problem hiding this comment.
should there be a caveat for repo's created not following this process?
|
If/when this lands, it should be communicated out to all collaborators somehow. Most of them don't pay attention to this repo. (I myself unsubscribe from issues in it all the time.) Sorry if I'm repeating something that's already been brought up. I admit to only skimming the issue at this point. |
jasnell
force-pushed
the
github-org-policy
branch
from
4c1fdd2
to
f01bf1e
Compare
|
@nodejs/tsc ... please review. |
|
If there are no TSC objections after 48 hours I will land this. |
|
one final ping to @nodejs/tsc |
|
Ping @nodejs/ctc ... please take a look at this and weigh in. Landing this policy change will mean that the owner permissions for all current github account owners will be modified in accordance with the new policy. @williamkapke ... I know you previously had done some work on a bot for automating administrative tasks and I know that I had some general concerns around the security of that. I'd like to see if we can revisit that issue. If (a) the bot can be hosted on secured foundation infrastructure and (b) the permissions for the bot can be limited to a specific set of actions such as adding/removing/banning, etc, then I think my concerns around the security can be addressed. |
|
@nodejs/community-committee ... please take a look at this as well. This policy change impacts the Community Committee also by providing a clear guidelines by which CommComm members can become part of the administrative team. @nodejs/ctc and @nodejs/community-committee ... I'd like everyone to pay particular attention to the part that this policy says that members of either committee who request owner permissions will get those automatically after 72 hours if there are no objections. In other words, if this policy change lands, it will be important for TSC/CommComm members to be actively engaged in reviewing these requests. The CTC/TSC will need to be particularly careful given that owner permissions grant access to the nodejs/node-private repo used to triage security issues. If anyone has any alternative suggestions on that part, please offer them but please be more specific than, "I don't like this part" because vague feedback does not help me make it better. Thank you. |
Another way of solving this would be just removing the security repo, and moving to a purpose-built security issue solution, like HackerOne, see commentary here: nodejs/security-wg#38 (comment) cc: @nodejs/security |
|
@mcollina .. updated All.. I tweaked this just a bit to add that the Node.js Foundation Executive Director is also granted owner permissions in the organization. This is largely a formality. I also made the auto-acceptance period 7 days instead of 72 hours to give more time for review. |
|
Updated based on feedback received. @nodejs/tsc @nodejs/ctc please take a final look. If there are no objections by Wednesday I will get this landed. |
|
@mhdawson, can I please ask you to take this pr over? |
|
@mhdawson This looks like it is ready to merge, and I'm happy to make a plan with you about next steps for this. |
|
And I -just- realized that one of those first next steps that I'm sure a lot of folks are waiting on is the Travel Fund!!!! We need to hop on this so people can request. |
Github-Org-Management-Policy.md
Outdated
|
|
||
| ### Owners | ||
|
|
||
| The Node.js Foundation Executive Directory, Node.js TSC Director, TSC Chair, |
Github-Org-Management-Policy.md
Outdated
| ### Owners | ||
|
|
||
| The Node.js Foundation Executive Directory, Node.js TSC Director, TSC Chair, | ||
| and Community Committee Chair, Node.js Foundation Executive Director, and |
There was a problem hiding this comment.
Typo: remove first and
Copy/paste error: Remove Node.js Foundation Executive Director as they're already on the list earlier.
|
@nodejs/tsc one final call for comments/concerns before we land. (Of course after integrating the outstanding nits) |
|
@ashleygwilliams can you confirm if your comments have been addressed either with new comments or by clearing your previous request for changes. |
|
@mhdawson thanks for the ping. updated my review. |
|
@nodejs/tsc this is an significant change to current policy. Please review and weigh in |
| @@ -0,0 +1,81 @@ | |||
| # Node.js GitHub Organization Management Policy | |||
|
|
|||
| The Node.js Foundation Github Organization (https://github.com/nodejs) is | |||
|
Ping @nodejs/tsc once again. |
|
|
||
| No repository may be deleted, transferred in to, or transferred out of, the | ||
| Node.js Foundation GitHub Organization without a simple majority of both | ||
| the TSC and CommComm in *favor* of the action. In certain cases, Node.js |
There was a problem hiding this comment.
Even if the repository is managed by only one the parties (TSC or CommComm), both of them have to agree?
Github-Org-Management-Policy.md
Outdated
| To remove any current member from the GitHub organization, an issue must be | ||
| opened in the nodejs/admin repository. If, after 72 hours, there are no | ||
| objections from the other Owners, removal becomes automatic. If there are | ||
| objections, then a simple majority vote of each of the Technical Steering and |
There was a problem hiding this comment.
If the motion fails in either of the committees then the ban will not established, right?
There was a problem hiding this comment.
Also, if there is a tie, (one party agrees and the other one disagrees), what would happen to the ban request?
There was a problem hiding this comment.
Correct. A tie (one committee agrees, the other doesn't) would mean that it fails. It must be a simple majority in both.
|
@nodejs/tsc and @nodejs/community-committee ... there have been no objections raised on this. I'm assuming that means there is consensus. I will merge this a bit later this morning. |
|
Actually... I take that back, there were a few typos I had to fix and one substantive change... when it comes to banning/blocking existing members, objections may be raised by any TSC/CommComm member which would require a vote. Previously it was any owner, but since the owners are now restricted to a smaller group, it makes sense to allow any CommComm/TSC member to object. Given that change, I'll give it until Monday to land. |
|
|
||
| No repository may be deleted, transferred in to, or transferred out of, the | ||
| Node.js Foundation GitHub Organization without a simple majority of both | ||
| the TSC and CommComm in *favor* of the action. In certain cases, Node.js |
There was a problem hiding this comment.
"In certain cases" - Did you have any such cases in mind?
There was a problem hiding this comment.
When bringing in a completely new top level project, for instance.
| Repositories that are under the operational direction of the Community Committee | ||
| are subject to CommComm oversight. | ||
|
|
||
| ## Removing or Banning Individuals |
There was a problem hiding this comment.
I feel like removing and banning are overlapping with @nodejs/moderation team's responsibilities.
There was a problem hiding this comment.
No, only org owners can ban. If the moderation team determines that a ban is necessary, they would ask one of the owners to actually do the ban.
There was a problem hiding this comment.
Specifically, mod team does not have owner status in the org
There was a problem hiding this comment.
Thanks for clarifying @jasnell 👍
|
Ping @mhdawson and @williamkapke ... I've updated to allow all TSC/CommComm members write access in the nodejs/admin repo. |
| Repositories that are under the operational direction of the Community Committee | ||
| are subject to CommComm oversight. | ||
|
|
||
| ## Removing or Banning Individuals |
There was a problem hiding this comment.
Maybe /s/ban/block which is the GitHub terminology (https://help.github.com/articles/blocking-a-user-from-your-organization/).
Else maybe define/referance semantics of ban?
There was a problem hiding this comment.
We can hit that in a separate PR.
Fixes: nodejs#101 Fixes: nodejs#125 Fixes: nodejs#269 Fixes: nodejs#285 Fixes: nodejs#289 Fixes: nodejs#295 Fixes: nodejs#328
jasnell
force-pushed
the
github-org-policy
branch
from
06bad58
to
ea7e417
Compare
|
@jasnell thanks for updating to reflect access to the admin repo as I think that makes sense. |
|
Landing given the lack of objections. |
|
Ping @hackygolucky ... this has landed! |
@nodejs/tsc: This is the beginnings of a work-in-progress github organization management policy. The intent is to outline the governance of user roles within the organization, formalization of repository management, and so forth. There have been a number of issues opened (and as yet unresolved) as to who has organization ownership and there have been some recent discussions around this.
Consider this an incomplete proposal for the time being. Input is requested.