python-peps/pep-8002.rst

441 lines
20 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

PEP: 8002
Title: Open Source Governance Survey
Author: Barry Warsaw <barry@python.org>, Łukasz Langa <lukasz@python.org>,
Antoine Pitrou <solipsis@pitrou.net>, Doug Hellmann <doug@doughellmann.com>
Status: Active
Type: Informational
Content-Type: text/x-rst
Created: 2018-08-24
Abstract
========
This PEP surveys existing and similar open source and free software projects
for their governance models, providing summaries that will serve as useful
references for Python's own selection of a new governance model in the wake of
`Guido's retirement
<https://mail.python.org/pipermail/python-committers/2018-July/005664.html>`_.
Rather than an individual PEP for each of these community surveys, they will
all be collected here in this PEP.
Rationale
=========
CPython is not the first open source project to undergo a governance crisis.
Other projects have experimented various governance options, sometimes several
times during their existence. There are useful lessons to take away of their
experience, which will help inform our own decision.
Project choice
--------------
There are many open source projects out there, but it will be most fruitful
to survey those which are similar enough to CPython on a couple key metrics:
1. the number of contributors and their activity (there are scaling issues that
don't make the governance models of very small projects very enlightening
for our purposes) ;
2. being mostly or partly community-driven (company-driven projects can afford
different governance options, since the company hierarchy has power over
the main participants) ;
3. being faced with important design decisions that require a somewhat formal
decision process.
Rust
====
The governance structure is documented in `Rust RFC #1068
<https://github.com/rust-lang/rfcs/blob/master/text/1068-rust-governance.md>`_.
The effective governance process grows organically over time without being entirely
codified as RFCs, especially in case of day-to-day operation details. One example is
the `formation of Domain Working Groups
<https://internals.rust-lang.org/t/announcing-the-2018-domain-working-groups/6737>`_ in
February 2018.
Key people and their functions
------------------------------
In the Rust project there are teams responsible for certain areas. For language features
there is a "lang team", for tooling there's "dev tools" and "Cargo", and so on.
Contentious issues have facilitators to drive discussion who often aren't the decision
makers. Typically the faciliators are authors of the proposed changes (see
"Controversial decision process" below). They ensure all key decision makers are
involved along with interested community members. They push towards an agreeable
outcome via iteration.
In practice this means decisions are rarely escalated to the core team.
The most common role of a contributor is team membership. Issue triage/code review
privileges without team membership is rare. Contributors have full commit access,
code ownership separation is based on trust. Writing to the compiler repository is
frowned upon, all changes go through pull requests and get merged by an integration
bot after they were reviewed and approved.
New team members are added by nomination by an existing team member.
Regular decision process
------------------------
Primary work happens via GitHub issues and pull requests. Approving a pull request
by any team member allows it to be merged without further process. All merged pull
requests end up in the next stable version of Rust.
Notifying relevant people by mentions is important. Listening to the firehose of
e-mails for all GitHub activity is not popular.
There are planning and triage meetings open to the public happening on IRC and Discord.
They are not very popular because most of work happens through GitHub. Discussions also
happen on official Rust forums (https://users.rust-lang.org/ and
https://internals.rust-lang.org/). There is a dedicated moderation team responsible for
taking notes and enforcing `code of conduct
<https://www.rust-lang.org/en-US/conduct.html>`_.
Controversial decision process
------------------------------
Larger or controversial work goes through a `RFC process
<https://github.com/rust-lang/rfcs>`_. It allows everyone to express their thoughts and
iterates towards a resolution. At some point when all blocking concerns of relevant
team members are addressed, they sign off on the RFC and it reaches a "final comment
period". That does not require consensus amongst all participants, rather there should
not be a strong consensus against the proposal.
After 10 days the RFC is *merged* unless any new blocking concerns are raised by team
members. A "merge" signifies that work towards implementing the feature and integrating
it can now happen without interruption. An RFC doesn't have to have a reference
implementation for it to be accepted.
The other possible results of the "final comment period" are to:
* *postpone* the RFC (similar to the Deferred status in PEPs),
* get it *back into discussion* if blocking concerns can be addressed, or
* *close it* if blocking concerns are not solvable. When an RFC is marked as
*closed*, there is a 7 day grace period to debate whether it should be closed.
In practice registering concerns with an RFC happens very often initially but rarely
causes for the RFC to be entirely killed.
This process scales well for small-contention changes and/or smaller changes. For the
largest controversial changes the discussion gets unwieldy. This is a topic currently
(as of August 2018) on the minds of the Rust team (see:
`"Listening and Trust, part 1" <http://aturon.github.io/2018/05/25/listening-part-1/>`_,
`"Listening and Trust, part 2" <http://aturon.github.io/2018/06/02/listening-part-2/>`_,
`"Listening and Trust, part 3" <http://aturon.github.io/2018/06/18/listening-part-3/>`_,
`"Proposal for a staged RFC process"
<http://smallcultfollowing.com/babysteps/blog/2018/06/20/proposal-for-a-staged-rfc-process/>`_).
Planning a new release
----------------------
Every six weeks the Rust compiler is released with whatever it contained at the time.
There are no LTS channels or releases yet but this concept is planned to make
redistributors able to keep up with development better.
Every few years a so-called `"Edition"
<https://rust-lang-nursery.github.io/edition-guide/editions/index.html>`_ is released.
Those are milestone releases with full sets of updated documentation and tooling. They
can be backwards incompatible with previous editions. External packages opt into
breaking changes in their crate metadata. The Rust compiler supports all editions that
existed prior to its release. Linking between crates of any supported edition is
possible.
Changes in the process over time
--------------------------------
The Rust programming language was started by Graydon Hoare who developed it as
a personal project for a few years. When Mozilla started sponsoring the project,
the team slowly grew with Graydon as a BDFL-style figure. He `left the project
<https://www.reddit.com/r/rust/comments/7qels2/i_wonder_why_graydon_hoare_the_author_of_rust/dsqeh1d/>`_
in 2013. Rust functions without a BDFL since. The RFC process was put in place later.
Initially some design discussions happened during closed-door weekly video meetings
which was `shut down
<https://github.com/rust-lang/meeting-minutes/blob/master/weekly-meetings/2015-05-26.md#future-of-weekly-meeting>`_
in May 2015 (before the 1.0 release of Rust), organically replaced with open discussion
and direct influence of teams.
The number of teams is growing in time. The number of technical decisions made by the
core team is decreasing, instead those get delegated to respective teams.
The concept of a "final comment period" was introduced to encourage more public
discussion and enable reacting to a change *about to* being made, instead of having to
revert a rushed decision that was already made.
OpenStack
=========
The OpenStack Foundation Bylaws lay out the basic structure for
project governance, with `Article IV
<https://www.openstack.org/legal/bylaws-of-the-openstack-foundation/>`__
delegating day-to-day management of the open source project to the
OpenStack Technical Committee (TC), and `The TC member policy
<https://www.openstack.org/legal/technical-committee-member-policy/>`__
defining broadly how the Technical Committee shall be elected. The TC
publishes a set of more detailed `governance documents
<https://governance.openstack.org/tc/>`__, including `the TC charter
<https://governance.openstack.org/tc/reference/charter.html>`__, which
describes the team structure, precise rules for establishing
eligibility to run for office, and criteria for establishing the
various electorates.
Key people and their functions
------------------------------
The OpenStack community is made up of many distinct `project teams
<https://governance.openstack.org/tc/reference/projects/index.html>`__,
responsible for producing different components of the software (block
storage management, compute management, etc.) or managing different
parts of the processes the community follows (such as tracking the
release schedule). Each team is led by a *Project Team Lead* (PTL),
elected by the *Active Project Contributors* for that project.
Active Project Contributors (APCs) are recent contributors to a given
project team. APC status formally requires two things: becoming an
individual member of the OpenStack Foundation (membership is free) and
having a change merged within the last year (two development cycles)
in a repository managed by a project team.
The elected PTL serves a term equal to one development cycle (roughly
6 months). There is no restriction on the number of consecutive terms
a person may serve as PTL, and it is common for someone to serve for
several terms in a row. It is also not unusual for a team to have only
one candidate volunteer to serve as PTL for a given cycle, in which
case there is no need for an election.
The PTL represents the team in all cases except where they have
explicitly delegated some responsibility. For example, many teams
designate a separate *release liaison* to manage the release process
for a development cycle. The PTL also serves as a final decision
maker in cases where consensus cannot be reached between the team
members.
While the APCs all vote for the PTL of a team, in many other cases
only the *core reviewer* team will be consulted on policy decisions
for the team. Anyone may review any patch for any OpenStack
project. After someone demonstrates that they have a good grasp of the
technical issues of a project, that they provide useful feedback on
reviews, and that they understand the direction the project is going,
they may be invited to become a member of the core review team. Unlike
in many other communities, this status does not grant them the right
to submit code without having it reviewed. Rather, it asks them to
commit to reviewing code written by other contributors, and to
participate in team decision-making discussions. Asking someone to
become a member of the core review team is a strong indication of
trust.
The Technical Committee (TC) is responsible for managing the
development of OpenStack as a whole. The 13 members of the Technical
Committee are directly elected by APCs from all project teams. Each
member serves a term of two development cycles (roughly 1 year), with
the elections split so that only about half of the members' terms
expire at any time, to ensure continuity. The TC establishes overall
policies, such as the criteria for adding new project teams, the
deprecation policy for Python 2, testing requirements, etc.
Regular decision process
------------------------
All elections for PTL or TC members use https://civs.cs.cornell.edu to
run a *Condorcet* election. This system was selected because it
emphasizes consensus candidates over strict popularity.
The OpenStack contributor community relies on 3 primary tools for
discussion: the `openstack-dev mailing list
<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>`__,
a gerrit code review instance at https://review.openstack.org, and a
set of `OpenStack-specific IRC channels
<http://eavesdrop.openstack.org>`__ on Freenode. There are a few teams
whose contributors are based primarily in China, and they have trouble
accessing IRC. Those teams tend to use alternative platforms such as
WeChat, instead.
The tool used for discussing any given decision will vary based on its
weight and impact. Everyone is encouraged to use either the mailing
list or gerrit to support asynchronous discussion across a wider range
of timezones and and firewalls, especially for publicizing final
decisions for the rest of the community.
Policy decisions limited to a single team are usually made by the core
review team for a project, and the policies and decision processes may
vary between teams. Some groups write down their team policies in
their documentation repository, and use the code review tool (gerrit)
to vote on them. Some teams discuss policies on IRC, either ad hoc or
during a regularly scheduled meeting, and make decisions there. Some
teams use the mailing list for those discussions. The PTL for the team
is responsible for ensuring the discussion is managed and the outcome
is communicated (either by doing so directly or ensuring that the task
is delegated to someone else).
All team policy decisions need to be compatible with the overall
policies set by the Technical Committee. Because the TC tends to make
broader governance decisions that apply to the entire contributor
community, the process for discussing and voting on those decisions is
described more formally, including specifying the number of votes
needed to pass and the minimum length of time required for
discussion. For example, most motions require 1/3 of the members (5)
to pass and must stay open at least 3 days after receiving sufficient
votes to pass, ensuring that there is time for dissent to be
registered. See the `Technical Committee Charter
<https://governance.openstack.org/tc/reference/charter.html#motions>`__
and `house rules
<https://governance.openstack.org/tc/reference/house-rules.html>`__
for more details.
Significant design decisions are usually discussed by reviewing a
`specification document <http://specs.openstack.org>`__, somewhat
similar to a PEP, that covers the requirements, alternatives, and
implementation details. Feedback is solicited from all contributors,
and then specifications are eventually approved or rejected by members
of the core review team for a project. Some teams require only 2
reviewers to approve a design, while other teams require a stronger
indication of consensus before a design is approved. Each team sets a
`deadline for approving specifications within each development cycle
<https://releases.openstack.org/rocky/schedule.html>`__, to encourage
contributors to work out designs for significant new features early
and avoid risk from changes late in the cycle.
Smaller technical decisions are typically made by reviewing the
patch(es) needed to implement the change. Anyone may review any patch
and provide technical feedback, but ultimately two core reviewers for
a team are needed to approve most changes (exceptions are often made
for trivial changes such as typos or for fixes that unblock the CI
gating system).
Controversial decision process
------------------------------
Controversial, or merely complicated, decisions frequently expand
outside of specification reviews to mailing list discussions. They
often also result in discussions at one of the regularly scheduled
in-person community gatherings. Because many members of the community
cannot attend these events, the discussions are summarized and final
decisions are made using on-line tools as much as possible.
The PTL is responsible for deciding when consensus has been reached
for decisions that affect a single team, and to make a final call in
rare cases where consensus has not been reached and a decision
absolutely needs to be made. The TC acts as a similar decision-making
group of last resort for cases where issues *between* teams cannot be
resolved in another way. Such escalation of decision-making ends up
being rarely necessary, because the contributors directly involved
generally prefer to come to a consensual agreement rather than
escalate the decision to others.
Planning a new release
----------------------
OpenStack has a major release about every 6 months. These are
coordinated date-based releases, which include the work finished up to
that point in time in all of the member projects. Some project teams
release more often than every 6 months (this is especially true for
teams building libraries consumed by other teams). Those smaller
releases tend to be produced when there is content (new features or
bug fixes) to justify them.
The schedule for each development cycle, with deadlines and a final
release date, is proposed by the release management team, in
coordination with the Foundation staff (releases are generally aligned
with the calendar of in-person events), and then the community has an
opportunity to provide feedback before the final dates are set.
Decisions about priorities for each development cycle are made at the
team level and the TC level. Core review teams prioritize internal
work, such as fixing bugs and implementing new features. The TC
selects `community goals
<https://governance.openstack.org/tc/goals/index.html>`__, which
usually require some amount of work from all teams. Agreeing to these
priorities at the start of each cycle helps the teams coordinate their
work, which is especially important because the implementation will
require reviews from multiple team members.
Changes in the process over time
--------------------------------
Over the last 8 years the number of OpenStack project teams has grown
from 2 to 63. The makeup of the Technical Committee has changed to
accommodate that growth. Originally the TC was made up of PTLs, but as
the membership grew it became impractical for the group to function
effectively.
The community also used to be organized around "program areas" rather
than project teams. A program area covered a feature set, such as
gathering telemetry or managing block storage. This organization
failed when multiple teams of people wanted to work on the same
feature set using different solutions. Organizing teams around the
code they deliver allows different teams to have different
interpretations of the same requirements. For example, there are now
several teams working on different deployment tools.
Acknowledgements
================
Thank you to Alex Crichton from the Rust team for an extensive explanation of how the
core team governs the project.
Jeremy Stanley, Chris Dent, Julia Kreger, Sean McGinnis, Emmet Hikory,
and Thierry Carrez contributed to the OpenStack section.
Annex 1: Template questions
===========================
The following set of questions was used as a template to guide evaluation and
interaction with the surveyed projects:
1. Do you have any open documentation on how the governance model is set up?
2. How does the process look like in practice?
* Who are the key people?
* What "special statuses" can contributors have?
* How are they elected/how are the statuses assigned?
* How are regular decisions made?
* How are controversial decisions made?
* Is there a voting mechanism? how does it work? how often do votes actually happen?
* Is there a veto mechanism? how often was it actually used?
3. How do you like the process?
* Which parts work well?
* Which parts could work better?
* When it doesn't work well, how does it look like?
* What would you change if it were only up to you?
4. Related project work:
* How do you decide when a release happens and what goes into it?
* How do you decide who gets commit access?
* Where do you hold discussions? (GitHub, mailing lists, face-to-face meetings, and so on)
* Do you have a RFC/PEP-like process?
* Who has access to those discussion channels?
* How is this access granted/revoked?
* Who moderates those discussions?
* Do you (and how) censure participants and how?
5. Process evolution
* How did this process evolve historically?
* How can it be changed in the future?
Copyright
=========
This document has been placed in the public domain.
..
Local Variables:
mode: indented-text
indent-tabs-mode: nil
sentence-end-double-space: t
fill-column: 70
coding: utf-8
End: