Discussed in #42
Originally posted by FeynmanZhou July 17, 2023
Governance improvement plan
This proposal outlines the governance improvement plan for the Notary Project and explains the initiatives and reasons for improving the governance model. It also proposes how we could track and proceed with the governance work in the Notary Project community. Any suggestions and contributions are welcome.
Why governance
A well-crafted governance model can in fact be a largely positive force in open-source communities. A project’s governance model outlines the project’s “terms of engagement”: the specific, tried-and-tested processes for working together and making public decisions that project contributors have found work best for the community. A clear governance model can encourage new contributors to become involved in the project.
In addition, a discussion from the CNCF TOC in 2022 about the Notary Project health reminds us of the importance of revisiting the Notary Project governance status.
To resolve the governance problems and build a well-crafted governance model, it is suggested that Notary Project maintainers rethink the Notary Project governance and create a phased plan for the governance work. Building a healthy community is also critical to a sustainable long-term development strategy for the Notary Project.
How to improve governance
CNCF Project Guidance is a good reference that provides comprehensive governance guidelines, best practices, and templates. We can build the governance guiding principles for the Notary Project based on the community's current situation and refer to the CNCF Project Guidance. The Notary Project governance could be improved in the following specific aspects, which can be split into separate GitHub issues so that each is tracked individually.
- Charter: clarify goals, mission, scope, roadmap, values, and principles
- Define the roles: define community roles and responsibilities
- Sub-project and maintainer governance: explain how to define a fair and neutral governance process for sub-projects and maintainers
- Policies and development procedures: explain how specific contributors participate in the project
- Security: explain the security issue reporting and disclosure process
- Release management: explain the release process and decision-making in release management
- Community activity, event, organization management: community meetings and notes, conferences, GitHub organization and team management
How to proceed and track
All governance issues are created and labeled with governance. They are tracked on the Notary Project planning board. These issues are targeted for completion in three iterations from July to Sep 2023. The following sections only group the governance work into different areas, which forms a structured plan. The detailed priority, iteration, and status of each issue can be found on the Notary Project planning board.
Charter
It helps end users understand what they can expect your project to do or not do. It also helps contributors understand which types of new features meet the goals and are likely to be accepted into the project, and which ones are out of scope.
- Updated the README.md with overview details #32
- Proposal for bringing clarity to the Notary Project branding #35 and Notation naming #244
- Documenting Charter is needed
Define the roles
Notary Project Governance defined the roles of Org Maintainers and Subproject Maintainers and their responsibilities. A contributor ladder guideline is needed to help prospective contributors who want to know the level of effort it will take on their end and how they will grow in the community.
- Create Contributor ladder document for each sub-project #15
- Add governance description for OWNERS and MAINTAINERS files within each repo #16
Sub-project and maintainer governance
- Clean up stale branches in notation, notation-go, notaryproject #33
- Define and document the process of Notary project health regular review #8
- Notary Project Annual Review #21
- Process for archiving repositories #36 and doc: Clarify the Repository lifecycle #37
- Governance for sub-project #10
Policies and development procedures
These policies and development procedures are what are often thought of as “governance paperwork” for projects. They also define how the contribution workflow, contributor experience, and procedures work in the community.
- Branch policies and strategy #18
- Refactor contributing guide for Notary project #6
- Add conventions to contributing guide #24
- Document how to set up development environment #40
- PR review guideline is needed
Security
- Security policy and process for the project #5
- Document how to meet the git commit signing requirement in contributing guide #39
- Documenting the plan to generate a provenance attestation file for Notation CLI binaries is needed
Release management
- Release management #19
- Refactor and migrate the release guideline #28
- docs: update RELEASE_CHECKLIST.md notation#713
Community activity, event, and organization management
- Governance for Notary Project community meetings #12
- Manage pinned repositories in the GitHub org page #41
Get involved and contribute to governance
If you think any part is missing in this proposal or if you have any suggestions, please comment on it. If you are interested in contributing to any governance document, please comment on related issues.