441 lines
20 KiB
ReStructuredText
441 lines
20 KiB
ReStructuredText
PEP: 8002
|
||
Title: Open Source Governance Survey
|
||
Author: Barry Warsaw <barry@python.org>, Łukasz Langa <lukasz@python.org>,
|
||
Antoine Pitrou <solipsis@pitrou.net>, Doug Hellmann <doug@doughellmann.com>
|
||
Status: Active
|
||
Type: Informational
|
||
Content-Type: text/x-rst
|
||
Created: 2018-08-24
|
||
|
||
|
||
Abstract
|
||
========
|
||
|
||
This PEP surveys existing and similar open source and free software projects
|
||
for their governance models, providing summaries that will serve as useful
|
||
references for Python's own selection of a new governance model in the wake of
|
||
`Guido's retirement
|
||
<https://mail.python.org/pipermail/python-committers/2018-July/005664.html>`_.
|
||
|
||
Rather than an individual PEP for each of these community surveys, they will
|
||
all be collected here in this PEP.
|
||
|
||
|
||
Rationale
|
||
=========
|
||
|
||
CPython is not the first open source project to undergo a governance crisis.
|
||
Other projects have experimented various governance options, sometimes several
|
||
times during their existence. There are useful lessons to take away of their
|
||
experience, which will help inform our own decision.
|
||
|
||
Project choice
|
||
--------------
|
||
|
||
There are many open source projects out there, but it will be most fruitful
|
||
to survey those which are similar enough to CPython on a couple key metrics:
|
||
|
||
1. the number of contributors and their activity (there are scaling issues that
|
||
don't make the governance models of very small projects very enlightening
|
||
for our purposes) ;
|
||
2. being mostly or partly community-driven (company-driven projects can afford
|
||
different governance options, since the company hierarchy has power over
|
||
the main participants) ;
|
||
3. being faced with important design decisions that require a somewhat formal
|
||
decision process.
|
||
|
||
|
||
Rust
|
||
====
|
||
|
||
The governance structure is documented in `Rust RFC #1068
|
||
<https://github.com/rust-lang/rfcs/blob/master/text/1068-rust-governance.md>`_.
|
||
|
||
The effective governance process grows organically over time without being entirely
|
||
codified as RFCs, especially in case of day-to-day operation details. One example is
|
||
the `formation of Domain Working Groups
|
||
<https://internals.rust-lang.org/t/announcing-the-2018-domain-working-groups/6737>`_ in
|
||
February 2018.
|
||
|
||
Key people and their functions
|
||
------------------------------
|
||
|
||
In the Rust project there are teams responsible for certain areas. For language features
|
||
there is a "lang team", for tooling there's "dev tools" and "Cargo", and so on.
|
||
Contentious issues have facilitators to drive discussion who often aren't the decision
|
||
makers. Typically the faciliators are authors of the proposed changes (see
|
||
"Controversial decision process" below). They ensure all key decision makers are
|
||
involved along with interested community members. They push towards an agreeable
|
||
outcome via iteration.
|
||
|
||
In practice this means decisions are rarely escalated to the core team.
|
||
|
||
The most common role of a contributor is team membership. Issue triage/code review
|
||
privileges without team membership is rare. Contributors have full commit access,
|
||
code ownership separation is based on trust. Writing to the compiler repository is
|
||
frowned upon, all changes go through pull requests and get merged by an integration
|
||
bot after they were reviewed and approved.
|
||
|
||
New team members are added by nomination by an existing team member.
|
||
|
||
Regular decision process
|
||
------------------------
|
||
|
||
Primary work happens via GitHub issues and pull requests. Approving a pull request
|
||
by any team member allows it to be merged without further process. All merged pull
|
||
requests end up in the next stable version of Rust.
|
||
|
||
Notifying relevant people by mentions is important. Listening to the firehose of
|
||
e-mails for all GitHub activity is not popular.
|
||
|
||
There are planning and triage meetings open to the public happening on IRC and Discord.
|
||
They are not very popular because most of work happens through GitHub. Discussions also
|
||
happen on official Rust forums (https://users.rust-lang.org/ and
|
||
https://internals.rust-lang.org/). There is a dedicated moderation team responsible for
|
||
taking notes and enforcing `code of conduct
|
||
<https://www.rust-lang.org/en-US/conduct.html>`_.
|
||
|
||
Controversial decision process
|
||
------------------------------
|
||
|
||
Larger or controversial work goes through a `RFC process
|
||
<https://github.com/rust-lang/rfcs>`_. It allows everyone to express their thoughts and
|
||
iterates towards a resolution. At some point when all blocking concerns of relevant
|
||
team members are addressed, they sign off on the RFC and it reaches a "final comment
|
||
period". That does not require consensus amongst all participants, rather there should
|
||
not be a strong consensus against the proposal.
|
||
|
||
After 10 days the RFC is *merged* unless any new blocking concerns are raised by team
|
||
members. A "merge" signifies that work towards implementing the feature and integrating
|
||
it can now happen without interruption. An RFC doesn't have to have a reference
|
||
implementation for it to be accepted.
|
||
|
||
The other possible results of the "final comment period" are to:
|
||
|
||
* *postpone* the RFC (similar to the Deferred status in PEPs),
|
||
* get it *back into discussion* if blocking concerns can be addressed, or
|
||
* *close it* if blocking concerns are not solvable. When an RFC is marked as
|
||
*closed*, there is a 7 day grace period to debate whether it should be closed.
|
||
|
||
In practice registering concerns with an RFC happens very often initially but rarely
|
||
causes for the RFC to be entirely killed.
|
||
|
||
This process scales well for small-contention changes and/or smaller changes. For the
|
||
largest controversial changes the discussion gets unwieldy. This is a topic currently
|
||
(as of August 2018) on the minds of the Rust team (see:
|
||
`"Listening and Trust, part 1" <http://aturon.github.io/2018/05/25/listening-part-1/>`_,
|
||
`"Listening and Trust, part 2" <http://aturon.github.io/2018/06/02/listening-part-2/>`_,
|
||
`"Listening and Trust, part 3" <http://aturon.github.io/2018/06/18/listening-part-3/>`_,
|
||
`"Proposal for a staged RFC process"
|
||
<http://smallcultfollowing.com/babysteps/blog/2018/06/20/proposal-for-a-staged-rfc-process/>`_).
|
||
|
||
Planning a new release
|
||
----------------------
|
||
|
||
Every six weeks the Rust compiler is released with whatever it contained at the time.
|
||
There are no LTS channels or releases yet but this concept is planned to make
|
||
redistributors able to keep up with development better.
|
||
|
||
Every few years a so-called `"Edition"
|
||
<https://rust-lang-nursery.github.io/edition-guide/editions/index.html>`_ is released.
|
||
Those are milestone releases with full sets of updated documentation and tooling. They
|
||
can be backwards incompatible with previous editions. External packages opt into
|
||
breaking changes in their crate metadata. The Rust compiler supports all editions that
|
||
existed prior to its release. Linking between crates of any supported edition is
|
||
possible.
|
||
|
||
Changes in the process over time
|
||
--------------------------------
|
||
|
||
The Rust programming language was started by Graydon Hoare who developed it as
|
||
a personal project for a few years. When Mozilla started sponsoring the project,
|
||
the team slowly grew with Graydon as a BDFL-style figure. He `left the project
|
||
<https://www.reddit.com/r/rust/comments/7qels2/i_wonder_why_graydon_hoare_the_author_of_rust/dsqeh1d/>`_
|
||
in 2013. Rust functions without a BDFL since. The RFC process was put in place later.
|
||
Initially some design discussions happened during closed-door weekly video meetings
|
||
which was `shut down
|
||
<https://github.com/rust-lang/meeting-minutes/blob/master/weekly-meetings/2015-05-26.md#future-of-weekly-meeting>`_
|
||
in May 2015 (before the 1.0 release of Rust), organically replaced with open discussion
|
||
and direct influence of teams.
|
||
|
||
The number of teams is growing in time. The number of technical decisions made by the
|
||
core team is decreasing, instead those get delegated to respective teams.
|
||
|
||
The concept of a "final comment period" was introduced to encourage more public
|
||
discussion and enable reacting to a change *about to* being made, instead of having to
|
||
revert a rushed decision that was already made.
|
||
|
||
|
||
OpenStack
|
||
=========
|
||
|
||
The OpenStack Foundation Bylaws lay out the basic structure for
|
||
project governance, with `Article IV
|
||
<https://www.openstack.org/legal/bylaws-of-the-openstack-foundation/>`__
|
||
delegating day-to-day management of the open source project to the
|
||
OpenStack Technical Committee (TC), and `The TC member policy
|
||
<https://www.openstack.org/legal/technical-committee-member-policy/>`__
|
||
defining broadly how the Technical Committee shall be elected. The TC
|
||
publishes a set of more detailed `governance documents
|
||
<https://governance.openstack.org/tc/>`__, including `the TC charter
|
||
<https://governance.openstack.org/tc/reference/charter.html>`__, which
|
||
describes the team structure, precise rules for establishing
|
||
eligibility to run for office, and criteria for establishing the
|
||
various electorates.
|
||
|
||
Key people and their functions
|
||
------------------------------
|
||
|
||
The OpenStack community is made up of many distinct `project teams
|
||
<https://governance.openstack.org/tc/reference/projects/index.html>`__,
|
||
responsible for producing different components of the software (block
|
||
storage management, compute management, etc.) or managing different
|
||
parts of the processes the community follows (such as tracking the
|
||
release schedule). Each team is led by a *Project Team Lead* (PTL),
|
||
elected by the *Active Project Contributors* for that project.
|
||
|
||
Active Project Contributors (APCs) are recent contributors to a given
|
||
project team. APC status formally requires two things: becoming an
|
||
individual member of the OpenStack Foundation (membership is free) and
|
||
having a change merged within the last year (two development cycles)
|
||
in a repository managed by a project team.
|
||
|
||
The elected PTL serves a term equal to one development cycle (roughly
|
||
6 months). There is no restriction on the number of consecutive terms
|
||
a person may serve as PTL, and it is common for someone to serve for
|
||
several terms in a row. It is also not unusual for a team to have only
|
||
one candidate volunteer to serve as PTL for a given cycle, in which
|
||
case there is no need for an election.
|
||
|
||
The PTL represents the team in all cases except where they have
|
||
explicitly delegated some responsibility. For example, many teams
|
||
designate a separate *release liaison* to manage the release process
|
||
for a development cycle. The PTL also serves as a final decision
|
||
maker in cases where consensus cannot be reached between the team
|
||
members.
|
||
|
||
While the APCs all vote for the PTL of a team, in many other cases
|
||
only the *core reviewer* team will be consulted on policy decisions
|
||
for the team. Anyone may review any patch for any OpenStack
|
||
project. After someone demonstrates that they have a good grasp of the
|
||
technical issues of a project, that they provide useful feedback on
|
||
reviews, and that they understand the direction the project is going,
|
||
they may be invited to become a member of the core review team. Unlike
|
||
in many other communities, this status does not grant them the right
|
||
to submit code without having it reviewed. Rather, it asks them to
|
||
commit to reviewing code written by other contributors, and to
|
||
participate in team decision-making discussions. Asking someone to
|
||
become a member of the core review team is a strong indication of
|
||
trust.
|
||
|
||
The Technical Committee (TC) is responsible for managing the
|
||
development of OpenStack as a whole. The 13 members of the Technical
|
||
Committee are directly elected by APCs from all project teams. Each
|
||
member serves a term of two development cycles (roughly 1 year), with
|
||
the elections split so that only about half of the members' terms
|
||
expire at any time, to ensure continuity. The TC establishes overall
|
||
policies, such as the criteria for adding new project teams, the
|
||
deprecation policy for Python 2, testing requirements, etc.
|
||
|
||
Regular decision process
|
||
------------------------
|
||
|
||
All elections for PTL or TC members use https://civs.cs.cornell.edu to
|
||
run a *Condorcet* election. This system was selected because it
|
||
emphasizes consensus candidates over strict popularity.
|
||
|
||
The OpenStack contributor community relies on 3 primary tools for
|
||
discussion: the `openstack-dev mailing list
|
||
<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>`__,
|
||
a gerrit code review instance at https://review.openstack.org, and a
|
||
set of `OpenStack-specific IRC channels
|
||
<http://eavesdrop.openstack.org>`__ on Freenode. There are a few teams
|
||
whose contributors are based primarily in China, and they have trouble
|
||
accessing IRC. Those teams tend to use alternative platforms such as
|
||
WeChat, instead.
|
||
|
||
The tool used for discussing any given decision will vary based on its
|
||
weight and impact. Everyone is encouraged to use either the mailing
|
||
list or gerrit to support asynchronous discussion across a wider range
|
||
of timezones and and firewalls, especially for publicizing final
|
||
decisions for the rest of the community.
|
||
|
||
Policy decisions limited to a single team are usually made by the core
|
||
review team for a project, and the policies and decision processes may
|
||
vary between teams. Some groups write down their team policies in
|
||
their documentation repository, and use the code review tool (gerrit)
|
||
to vote on them. Some teams discuss policies on IRC, either ad hoc or
|
||
during a regularly scheduled meeting, and make decisions there. Some
|
||
teams use the mailing list for those discussions. The PTL for the team
|
||
is responsible for ensuring the discussion is managed and the outcome
|
||
is communicated (either by doing so directly or ensuring that the task
|
||
is delegated to someone else).
|
||
|
||
All team policy decisions need to be compatible with the overall
|
||
policies set by the Technical Committee. Because the TC tends to make
|
||
broader governance decisions that apply to the entire contributor
|
||
community, the process for discussing and voting on those decisions is
|
||
described more formally, including specifying the number of votes
|
||
needed to pass and the minimum length of time required for
|
||
discussion. For example, most motions require 1/3 of the members (5)
|
||
to pass and must stay open at least 3 days after receiving sufficient
|
||
votes to pass, ensuring that there is time for dissent to be
|
||
registered. See the `Technical Committee Charter
|
||
<https://governance.openstack.org/tc/reference/charter.html#motions>`__
|
||
and `house rules
|
||
<https://governance.openstack.org/tc/reference/house-rules.html>`__
|
||
for more details.
|
||
|
||
Significant design decisions are usually discussed by reviewing a
|
||
`specification document <http://specs.openstack.org>`__, somewhat
|
||
similar to a PEP, that covers the requirements, alternatives, and
|
||
implementation details. Feedback is solicited from all contributors,
|
||
and then specifications are eventually approved or rejected by members
|
||
of the core review team for a project. Some teams require only 2
|
||
reviewers to approve a design, while other teams require a stronger
|
||
indication of consensus before a design is approved. Each team sets a
|
||
`deadline for approving specifications within each development cycle
|
||
<https://releases.openstack.org/rocky/schedule.html>`__, to encourage
|
||
contributors to work out designs for significant new features early
|
||
and avoid risk from changes late in the cycle.
|
||
|
||
Smaller technical decisions are typically made by reviewing the
|
||
patch(es) needed to implement the change. Anyone may review any patch
|
||
and provide technical feedback, but ultimately two core reviewers for
|
||
a team are needed to approve most changes (exceptions are often made
|
||
for trivial changes such as typos or for fixes that unblock the CI
|
||
gating system).
|
||
|
||
Controversial decision process
|
||
------------------------------
|
||
|
||
Controversial, or merely complicated, decisions frequently expand
|
||
outside of specification reviews to mailing list discussions. They
|
||
often also result in discussions at one of the regularly scheduled
|
||
in-person community gatherings. Because many members of the community
|
||
cannot attend these events, the discussions are summarized and final
|
||
decisions are made using on-line tools as much as possible.
|
||
|
||
The PTL is responsible for deciding when consensus has been reached
|
||
for decisions that affect a single team, and to make a final call in
|
||
rare cases where consensus has not been reached and a decision
|
||
absolutely needs to be made. The TC acts as a similar decision-making
|
||
group of last resort for cases where issues *between* teams cannot be
|
||
resolved in another way. Such escalation of decision-making ends up
|
||
being rarely necessary, because the contributors directly involved
|
||
generally prefer to come to a consensual agreement rather than
|
||
escalate the decision to others.
|
||
|
||
Planning a new release
|
||
----------------------
|
||
|
||
OpenStack has a major release about every 6 months. These are
|
||
coordinated date-based releases, which include the work finished up to
|
||
that point in time in all of the member projects. Some project teams
|
||
release more often than every 6 months (this is especially true for
|
||
teams building libraries consumed by other teams). Those smaller
|
||
releases tend to be produced when there is content (new features or
|
||
bug fixes) to justify them.
|
||
|
||
The schedule for each development cycle, with deadlines and a final
|
||
release date, is proposed by the release management team, in
|
||
coordination with the Foundation staff (releases are generally aligned
|
||
with the calendar of in-person events), and then the community has an
|
||
opportunity to provide feedback before the final dates are set.
|
||
|
||
Decisions about priorities for each development cycle are made at the
|
||
team level and the TC level. Core review teams prioritize internal
|
||
work, such as fixing bugs and implementing new features. The TC
|
||
selects `community goals
|
||
<https://governance.openstack.org/tc/goals/index.html>`__, which
|
||
usually require some amount of work from all teams. Agreeing to these
|
||
priorities at the start of each cycle helps the teams coordinate their
|
||
work, which is especially important because the implementation will
|
||
require reviews from multiple team members.
|
||
|
||
Changes in the process over time
|
||
--------------------------------
|
||
|
||
Over the last 8 years the number of OpenStack project teams has grown
|
||
from 2 to 63. The makeup of the Technical Committee has changed to
|
||
accommodate that growth. Originally the TC was made up of PTLs, but as
|
||
the membership grew it became impractical for the group to function
|
||
effectively.
|
||
|
||
The community also used to be organized around "program areas" rather
|
||
than project teams. A program area covered a feature set, such as
|
||
gathering telemetry or managing block storage. This organization
|
||
failed when multiple teams of people wanted to work on the same
|
||
feature set using different solutions. Organizing teams around the
|
||
code they deliver allows different teams to have different
|
||
interpretations of the same requirements. For example, there are now
|
||
several teams working on different deployment tools.
|
||
|
||
Acknowledgements
|
||
================
|
||
|
||
Thank you to Alex Crichton from the Rust team for an extensive explanation of how the
|
||
core team governs the project.
|
||
|
||
Jeremy Stanley, Chris Dent, Julia Kreger, Sean McGinnis, Emmet Hikory,
|
||
and Thierry Carrez contributed to the OpenStack section.
|
||
|
||
|
||
Annex 1: Template questions
|
||
===========================
|
||
|
||
The following set of questions was used as a template to guide evaluation and
|
||
interaction with the surveyed projects:
|
||
|
||
1. Do you have any open documentation on how the governance model is set up?
|
||
|
||
2. How does the process look like in practice?
|
||
|
||
* Who are the key people?
|
||
* What "special statuses" can contributors have?
|
||
* How are they elected/how are the statuses assigned?
|
||
* How are regular decisions made?
|
||
* How are controversial decisions made?
|
||
* Is there a voting mechanism? how does it work? how often do votes actually happen?
|
||
* Is there a veto mechanism? how often was it actually used?
|
||
|
||
3. How do you like the process?
|
||
|
||
* Which parts work well?
|
||
* Which parts could work better?
|
||
* When it doesn't work well, how does it look like?
|
||
* What would you change if it were only up to you?
|
||
|
||
4. Related project work:
|
||
|
||
* How do you decide when a release happens and what goes into it?
|
||
* How do you decide who gets commit access?
|
||
* Where do you hold discussions? (GitHub, mailing lists, face-to-face meetings, and so on)
|
||
* Do you have a RFC/PEP-like process?
|
||
* Who has access to those discussion channels?
|
||
* How is this access granted/revoked?
|
||
* Who moderates those discussions?
|
||
* Do you (and how) censure participants and how?
|
||
|
||
5. Process evolution
|
||
|
||
* How did this process evolve historically?
|
||
* How can it be changed in the future?
|
||
|
||
|
||
Copyright
|
||
=========
|
||
|
||
This document has been placed in the public domain.
|
||
|
||
|
||
|
||
..
|
||
Local Variables:
|
||
mode: indented-text
|
||
indent-tabs-mode: nil
|
||
sentence-end-double-space: t
|
||
fill-column: 70
|
||
coding: utf-8
|
||
End:
|