See the information about community membership roles to learn about the role of the maintainers and the process to become one.
| Name | GitHub | |
|---|---|---|
| Dan Ghita | [email protected] | @DanGhita |
| Jan Martens | [email protected] | @JanMa |
| Nathan Phelps | [email protected] | @naphelps |
| Alex Scheel | [email protected] | @cipherboy |
n/a
OpenBao is an open source secrets management application and is a critical point of infrastructure for many organizations. It is important to be mindful of supply chain security and the threat of intentionally or accidentally malicious maintainers in order to build the trust of relying organizations. However, OpenBao uses a plugin architecture and benefits from broad integration with many specialized components (cloud providers, databases, key management systems, platform services such as Kubernetes, ...). It is also important to nurture this wide ecosystem and grant permissions to community members familiar with these areas. OpenBao's community structure should reflect this.
OpenBao adheres to a three-tiered community role structure:
- The TSC-appointed organization-level maintainers, and
- Repository-level committers.
- Organization-level moderators.
The core OpenBao repository is excluded from repository-level committers.
The CODEOWNERS and MAINTAINERS.md file of each repository will reflect the
maintenance requirements of both the organization and the repository.
Organization-level maintainers will have admin purview over all projects under the OpenBao GitHub organization. They will be ultimately responsible for administration of repository, including configuration of the repository, managing GitHub secrets, and ensuring compliance with Linux Foundation and project requirements.
The following groups of people are eligible to become maintainers:
- Current employees of active TSC member companies,
- Former employees of active or former TSC member companies, or HashiCorp, who contributed during their tenure at the company and continue contributing,
- Active repository-level committers who have been in their role for 1 year or repository committers who have actively maintain 5+ repositories for the last 6 months, and
- Past organization-level maintainers.
Significant contributions to OpenBao are required, for example:
- Contributing impactful RFCs to the project,
- Leading review and ownership of particular areas of code (such as core cryptography components or documentation), or
- Large feature development or important bug fixes.
Eligibility requirements may be waived by 2/3rds majority TSC vote.
Applications to become organization-level maintainers will be sent to the OpenBao mailing list and should contain motivation and confirmation of eligibility.
Organization-level maintainers are to be approved by unanimous vote of the TSC and existing organization-level maintainers, allowing abstentions, at 2/3rds quorum.
Organization-level maintainers will forfeit with 2/3rd majority vote their access after 30 days of inactivity without prior notice to any member of the TSC or other organization-level maintainers. If a maintainer comes back and demonstrates renewed contributions, a simple majority vote of any body should be sufficient to reinstate them.
Repository-level maintainers will have limited scope over specific projects
under the OpenBao GitHub organization. They will receive write permissions
to specific repositories, excluding the core OpenBao repository.
The following groups of people are eligible to be committers:
- Active moderators who have held the position for 90 days, and
- Former committers and organization-level maintainers, and
- Past HashiCorp employees who contributed during their tenure at the company.
Repository committers should demonstrate expertise in the requested project and show a committment to making meaningful changes and maintaining security.
Eligibility requirements may be waived by simple majority TSC vote.
Applications to become committers will be sent to the OpenBao mailing list and should contain brief motivation, confirmation of eligibility, and the repository/repositories to receive committer access.
Per OpenBao Charter, repository-level committers are to be approved by 2/3rd vote of the organization-level maintainers and project-level committers.
Repository-level committers will forfeit with 2/3rd majority vote their access after 30 days of inactivity without prior notice to any member of the TSC or other maintainers (organization-level or repository-level). If a committer comes back and demonstrates renewed contributions, a simple majority vote of either the TSC or the organization-level maintainers should be sufficient to reinstate them.
Moderators will have power to apply labels to and open and close issues and PRs and to manage discussions. They'll have moderation permissions on comments to hide off-topic comments or edit comments for formatting.
All contributors who have been active in the project for 60 days are eligible to become moderators.
Eligibility requirements may be waived by simple majority TSC or organization-level maintainers vote.
Applications to become moderators will be sent to the OpenBao mailing list.
Moderators will be subject to approval by simple majority vote of organization-level maintainers and project-level committers, subject to 2/3rds quorum.
Moderators who have been inactive for 60 days will have their access revoked.