-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PROPOSAL] Maintainers and admins communication channel #63
Comments
in previous FOSS projects & co. we had two or three channels:
discussions would usually transition between these places, final decisions would be documented in the forum (internally or externally, depending on the decision). this tended to work pretty well, then again these were more informal things with no companies being involved, so a lot less red tape was involved 😄 |
@rursprung Forum is already in place actually https://discuss.opendistrocommunity.dev/, it is not 100% maintainers and admins but could be used as such as well as for wider community reach. I would favour mailing list among others for a few reasons (drawing some experience from ASF and OpenJDK):
IRC / Slack / Discord - at least one of those would be great for reaching people directly / have live conversations. In the same vein, I think it would be great to have once a week call (non mandatory participation) to share the ongoing issues / pain points / development. |
I tend to agree here. Sync chats or voice are tricky with timezones. (Also, I'd prefer anything but Chime for a variety of reasons.) This has been a continually vexing problem for the project and I don't want to demand that people who want to contribute/participate work on North American timezones (or any specific one for that matter). To add a little flavour to this problem: somewhere between 20-30% of the tweets that mention OpenSearch originate in time zones +5-+12 (India to New Zealand, with a large concentration in Japan). There a vanishingly small # of hours to have synchronous connections with people in say Tokyo, Tel Aviv, and Seattle: That being said, for the general sleep schedule of group and to not bias towards a particular part of the world, keeping it to a mailing list or forums seems rational. |
@reta I would be glad to setup a specific forum area just for maintainers if that's the right direction. It's literally 10 minutes of work to do so. |
Thanks @stockholmux, thinking loudly what could this area be used for:
|
Hi all, I completely agree on the need of a private channel of communication to be able to discuss things like nominations, code of conduct infringement, or security issues report. All these need to be firstly discussed in a "closed door" environment before the proper final decision or outcome can be shared publicly.
Other types of communication channels could be public and I think they are out of the scope of this issue. These are my five cents on the matter. |
This assumes that OpenSearch is 1 big monolith maintained by one set of people, which I don't think we should do. So every project will need a separate way to communicate. I definitely wouldn't want to have dozens of maintainers on a single mailing list where someone is saying something not nice about a potential maintainer addition to a specific repo.
All maintainers is definitely way too big of a list for security vulnerabilities. Only maintainers of a given project that has a vulnerability should be in the loop. However routing of potential vulnerabilities may need a broader list. Thus today aws-security and opensource-codeofconduct are well oiled systems staffed 24/7 with highly specialized people that have the ability to page anyone globally at AWS. I know that's not "open", but it's also right now best for security. What could possibly replace that? Who is going to be paged in the middle of the night when there's a high severity security problem (I want someone to be paged)? Finally, we need to practice responsible disclosure and do our best to avoid having 0 day vulnerabilities in the wild, which requires more communication in private.
This could be on .github where maintainers of every project are added. Not sure whether GitHub lets you do that easily without having to add people to multiple places. |
Good points! Please take my original comment with a pinch of salt of course! Regarding, "OpenSearch" is not a monolith" issue, this could be solved with several emails for each project / module. Maybe a bit complicated to manage? For the other points, (CoC and mostly security) you make a really good point about being paged, definitely. But, as you point out, the consequence of the current solution is that is not "open" as in only AWS maintainers would have access to it. |
@jlprat Yeah, CoC and Security are tough. I do get your point - I'm not wild about them being amazon addresses either. FWIW, I was present in the original discussions about both of those contact addresses and them being amazon dot com - we wanted opensearch dot org addresses originally. The decision to use amazon dot com wasn't about ownership but rather red tape (and timeline) of having email at the domain and the approvals needed to do so. It's not impossible, it's just time/effort that will probably need to be bridged at some point. However, with regards to how those are staffed, even if reporting at those addresses were handled potentially outside of AWS it seems like there would always be someone (or a group of someones) that would need to be trusted to distribute the information to the correct folks and not everyone. From where I see it, it's always a matter of trust, no matter if it's AWS or someone else. |
@stockholmux completely in agreement |
I like the idea of enabling github discussions in the repo's it keeps things non monolithic as @dblock suggested. and is organic to the environment we are all part of. |
I'm very much less enthusiastic about GitHub Discussions, @AmiStrn. I evaluated it a few months ago and it definitely has downsides. Moderating Discourse (existing forums) is quite a bit easier and has a lot of tools to help you do so. Additionally, having distinct permissions is a huge advantage vs having it integrated with GitHub. One of the goals I've had is to enable community moderators in the forums - I can give this out to anyone on Discourse and that's the only thing they get. In GitHub I have to tie it to other repo permissions. Finally, I'm a little hesitant to centralize more on GitHub. I personally love GitHub but it's closed-source and a single-party service. The project could be kicked off GitHub (though unlikely). If the project had to, code, issues, and PRs could be ported to self-hosted GitLab or similar OSS solution. Discussions don't really have a good place to go as there isn't a good way to port-out for this feature. And it's also nice to have something that isn't reliant on the single source of failure (GitHub) should the project need to regroup. |
Description
We should have a way to discuss different issues amongst maintainers and admins via either a mailing list or some other channel. Especially since there will be more and more maintainers from outside AWS - #59
What is the problem? What is preventing you from meeting the requirements?
Currently the discussions are all out in the open which is good for most cases. However, discussions regarding nominations and perhaps other types of discussions are the kind best had in a smaller forum.
What are you proposing? What do you suggest we do to solve the problem or improve the existing situation?
Mailing lists, or in todays forum. There could be many other ways to do this. I would prefer not to have these done in Chime since the time zones would be really hard to work around.
What are your assumptions or prerequisites?
Most discussions should be out in the open, this is only for issues that are by design best had in the maintainer - admins forum.
The text was updated successfully, but these errors were encountered: