libvirt/docs/governance.rst
Daniel P. Berrangé 372d4b42d3 docs: permit a user's chosen identity with SoB
The docs for submitting a patch describe using your "Legal Name" with
the Signed-off-by line.

In recent times, there's been a general push back[1] against the notion
that use of Signed-off-by in a project automatically requires / implies
the use of legal ("real") names and greater awareness of the downsides.

Full discussion of the problems of such policies is beyond the scope of
this commit message, but at a high level they are liable to marginalize,
disadvantage, and potentially result in harm, to contributors.

TL;DR: there are compelling reasons for a person to choose distinct
identities in different contexts & a decision to override that choice
should not be taken lightly.

A number of key projects have responded to the issues raised by making
it clear that a contributor is free to determine the identity used in
SoB lines:

 * Linux has clarified[2] that they merely expect use of the
   contributor's "known identity", removing the previous explicit
   rejection of pseudonyms.

 * CNCF has clarified[3] that the real name is simply the identity
   the contributor chooses to use in the context of the community
   and does not have to be a legal name, nor birth name, nor appear
   on any government ID.

Since we have no intention of ever routinely checking any form of ID
documents for contributors[4], realistically we have no way of knowing
anything about the name they are using, except through chance, or
through the contributor volunteering the information. IOW, we almost
certainly already have people using pseudonyms for contributions.

This proposes to accept that reality and eliminate unnecessary friction,
by following Linux & the CNCF in merely asking that a contributors'
commonly known identity, of their choosing, be used with the SoB line.

[1] Raised in many contexts at many times, but a decent overall summary
    can be read at https://drewdevault.com/2023/10/31/On-real-names.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4563201f33a022fc0353033d9dfeb1606a88330
[3] https://github.com/cncf/foundation/blob/659fd32c86dc/dco-guidelines.md
[4] Excluding the rare GPG key signing parties for regular maintainers

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-10-28 12:29:31 +00:00

12 KiB

Project governance

The libvirt project operates as a meritocratic, consensus-based community. Anyone with an interest in the project can join the community, contributing to the ongoing development of the project's work. This pages describes how that participation takes place and how contributors earn merit, and thus influence, within the community.

Code of conduct

The libvirt project community covers people from a wide variety of countries, backgrounds and positions. This global diversity is a great strength of the project, but can also lead to communication issues, which may in turn cause unhappiness. To maximise happiness of the project community taken as a whole, all members (whether users, contributors or committers) are expected to abide by the project's code of conduct. At a high level the code can be summarized as "be excellent to each other". Expanding on this:

  • Be respectful: disagreements between people are to be expected and are usually the sign of healthy debate and engagement. Disagreements can lead to frustration and even anger for some members. Turning to personal insults, intimidation or threatening behaviour does not improve the situation though. Participants should thus take care to ensure all communications / interactions stay professional at all times.
  • Be considerate: remember that the community has members with a diverse background many of whom have English as a second language. What might appear impolite, may simply be a result of a lack of knowledge of the English language. Bear in mind that actions will have an impact on other community members and the project as a whole, so take potential consequences into account before pursuing a course of action.
  • Be forgiving: humans are fallible and as such prone to make mistakes and inexplicably change their positions at times. Don't assume that other members are acting with malicious intent. Be prepared to forgive people who make mistakes and assist each other in learning from them. Playing a blame game doesn't help anyone.

Roles and responsibilities

Users

The users are anyone who has a need for the output of the project. There are no rules or requirements to become a user of libvirt. Even if the software does not yet work on their OS platform, a person can be considered a potential future user and welcomed to participate.

Participation by users is key to ensuring the project moves in the right direction, satisfying their real world needs. Users are encouraged to participate in the broader libvirt community in any number of ways:

  • Evangelism: spread the word about what libvirt is doing, how it helps solve your problems. This can be via blog articles, social media postings, video blogs, user group / conference presentations and any other method of disseminating information
  • Feedback: let the developers know about what does and does not work with the project. Talk to developers on the project's IRC channel and mailing list, or find them at conferences. Tell them what gaps the project has or where they should look for future development
  • Moral support: developers live for recognition of the positive impact their work has on users' lives. Give thanks to the developers when evangelising the project, or when meeting them at user groups, conferences, etc.

The above is not an exhaustive list of things users can do to participate in the project. Further ideas and suggestions are welcome. Users are encouraged to take their participation further and become contributors to the project in any of the ways listed in the next section.

Contributors

The contributors are community members who have some concrete impact to the ongoing development of the project. There are many ways in which members can contribute, with no requirement to be a software engineer. Many users can in fact consider themselves contributors merely by engaging in evangelism for the project.

  • Bug reporting: improve the quality of the project by reporting any problems found either to the project's own bug tracker, or to that of the OS vendor shipping the libvirt code.
  • User help: join the IRC channel or mailing list to assist or advice other users in troubleshooting the problems they face.
  • Feature requests: help set the direction for future work by reporting details of features which are missing to the project's own bug tracker or mailing lists.
  • Graphical design: contribute to the development of the project's websites / wiki brand with improved graphics, styling or layout.
  • Code development: write and submit patches to address bugs or implement new features
  • Architectural design: improve the usefulness of the project by providing feedback on the design of proposed features, to ensure they satisfy the broadest applicable needs and survive the long term
  • Code review: look at patches which are submitted and critique the code to identify bugs, potential design problems or other issues which should be addressed before the code is accepted
  • Documentation: contribute to content on personal blogs, the website, wiki, code comments, or any of the formal documentation efforts.
  • Translation: join the Fedora transifex community to improve the quality of translations needed by the libvirt project.
  • Testing: try proposed patches or release candidates and report whether the build passes and the changes work as expected.

The above is not an exhaustive list of things members can do to contribute to the project. Further ideas and suggestions are welcome.

There are no special requirements to becoming a contributor other than having the interest and ability to provide a contribution. The libvirt project does not require any "Contributor License Agreement" to be signed prior to engagement with the community. However for contributing patches, providing a 'Signed-off-by' line with the author's chosen name and e-mail address to demonstrate agreement and compliance with the Developer Certificate of Origin is required.

In making a non-patch contribution to the project, the community member is implicitly stating that they accept the terms of the license under which the work they are contributing to is distributed. They are also implicitly stating that they have the legal right to make the contribution, if doing so on behalf of a broader organization / company. Most of the project's code is distributed under the GNU Lesser General Public License, version 2.1 or later. Details of the exact license under which contributions will be presumed to be covered are found in the source repositories, or website in question.

Committers

The committers are the subset of contributors who have direct access to commit code to the project's primary source code repositories, which are currently using the GIT software. The committers are chosen based on the quality of their contributions over a period of time. This includes both the quality of code they submit, as well as the quality of reviews they provide on other contributors' submissions and a demonstration that they understand day-to-day operation of the project and its goals. There is no minimum level of contribution required in order to become a committer, though 2-3 months worth of quality contribution would be a rough guide.

There are no special requirements to becoming a committer other than to have shown a willingness and ability to contribute to the project over an extended period of time. Proposals for elevating contributors to committers are typically made by existing committers, though contributors are also welcome to make proposals. The decision to approve the elevation of a contributor to a committer is made through "rough consensus" between the existing committers.

The aim in elevating contributors to committers is to ensure that there is a broad base of experience and expertize across all areas of the project's work. Committers are not required to have knowledge across all areas of the project's work. While an approved committer has the technical ability to commit code to any area of the project, by convention they will only commit to areas they feel themselves to be qualified to evaluate the contribution. If in doubt, committers will defer to the opinion of other committers with greater expertize in an area.

The committers hold the ultimate control over what contributions are accepted by the project, however, this does not mean they have the right to do whatever they want. Where there is debate and disagreement between contributors, committers are expected to look at the issues with an unbiased point of view and help achieve a "rough consensus". If the committer has a conflict of interest in the discussion, for example due to their position of employment, they are expected to put the needs of the community project first. If they cannot put the community project first, they must declare their conflict of interest, and allow other non-conflicted committers to make any final decision.

The committers are expected to monitor contributions to areas of the project where they have expertize and ensure that either some form of feedback is provided to the contributor, or to accept their contribution. There is no formal minimum level of approval required to accept a contribution. Positive review by any committer experienced in the area of work is considered to be enough to justify acceptance in normal circumstances. Where one committer explicitly rejects a contribution, however, other committers should not override that rejection without first establishing a "rough consensus" amongst the broader group of committers.

Being a committer is a privilege, not a right. In exceptional circumstances, the privilege may be removed from an active contributor. Such decisions will be taken based on "rough consensus" amongst other committers. In the event that a committer is no longer able to participate in the project, after some period of inactivity passes, they may be asked to confirm that they wish to retain their role as a committer.

Security team

The security team consists of a subset of the project committers along with representatives from vendors shipping the project's software. The subset of project committers is chosen to be the minimal size necessary to provide expertise spanning most of the project's work. Further project committers may be requested to engage in resolving specific security issues on a case by case basis. Any vendor who is shipping the project's software may submit a request for one or more of their representatives to join the security team. Such requests must by approved by existing members of the team vouching for the integrity of the nominated person or organization.

Members of the security team are responsible for triaging and resolving any security issues that are reported to the project. They are expected to abide by the project's documented security process. In particular they must respect any embargo period agreed amongst the team before disclosing a private issue.

Rough consensus

A core concept for governance of the project described above is that of "rough consensus". To expand on this, it is a process of decision making that involves the following steps

  • Proposal
  • Discussion
  • Vote (exceptional circumstances only)
  • Decision

To put this into words, any contributor is welcome to make a proposal for consideration. Any contributor may participate in the discussions around the proposal. The discussion will usually result in agreement between the interested parties, or at least agreement between the committers. Only in the very exceptional circumstance where there is disagreement between committers, would a vote be considered. Even in these exceptional circumstances, it is usually found to be obvious what the majority opinion of the committers is. In the event that even a formal vote is tied, the committers will have to hold ongoing discussions until the stalemate is resolved or the proposal withdrawn.

The overall goal of the "rough consensus" process is to ensure that decisions can be made within the project, with a minimum level of bureaucracy and process. Implicit in this is that any person who does not explicitly reject to a proposal is assumed to be supportive, or at least agnostic.