git.stella-ops.org/docs/11_GOVERNANCE.md
2025-08-30 21:05:34 +00:00


StellaOps Project Governance

Lazy Consensus • Maintainer Charter • Transparent Veto

Scope: applies to all repositories under https://git.stella-ops.org/stella-ops/* unless a sub-project overrides it with its own charter approved by the Core Maintainers.


1 · Decision-making workflow 🗳️

| Stage | Default vote | Timer |
|---|---|---|
| Docs / non-code PR | +1 | 48 h |
| Code / tests PR | +1 | 7 × 24 h |
| Security-sensitive / breaking API | +1 + explicit security-LGTM | 7 × 24 h |

Lazy-consensus: silence = approval once the timer elapses.

  • Veto: -1 must include a concrete concern and a path to resolution.
  • After 3 unresolved vetoes the PR escalates to a Maintainer Summit call.

2 · Maintainer approval thresholds 👥

| Change class | Approvals required | Example |
|---|---|---|
| Trivial | 0 | Typos, comment fixes |
| Non-trivial | 2 Maintainers | New API endpoint, feature flag |
| Security / breaking | Lazy-consensus + security-LGTM | JWT validation, crypto swap |

Approval is recorded via Git forge review or a signed commit trailer
Signed-off-by: <maintainer>.


3 · Becoming (and staying) a Maintainer 🌱

  1. 3+ months of consistent, high-quality contributions.
  2. Nomination by an existing Maintainer via issue.
  3. 7-day vote: needs ≥ ⅔ majority “+1”.
  4. Sign MAINTAINER_AGREEMENT.md and enable 2FA.
  5. Inactivity > 6 months → automatic emeritus status (can be reactivated).

4 · Release authority & provenance 🔏

  • Every tag is cosigned by at least one Security Maintainer.
  • CI emits a signed SPDX SBOM + Cosign provenance.
  • Release cadence is fixed; see public Roadmap.
  • Security fixes may create out-of-band x.y.z-hotfix tags.

5 · Escalation lanes 🚦

| Situation | Escalation |
|---|---|
| Technical deadlock | Maintainer Summit (recorded & published) |
| Security bug | Follow Security Policy |
| Code of Conduct violation | See 12_CODE_OF_CONDUCT.md escalation ladder |

6 · Contribution etiquette 🤝

  • Draft PRs early; CI linting & tests help you iterate.
  • “There are no stupid questions”: ask in Matrix #dev.
  • Keep commit messages in imperative mood (Fix typo, Add SBOM cache).
  • Run the pre-commit hook locally before pushing.

7 · Licence reminder 📜

StellaOps is AGPL-3.0-or-later. By contributing you agree that your patches are released under the same licence.


Appendix A: Maintainer list 📇

(Generated via scripts/gen-maintainers.sh; edit the YAML, not this section directly.)

| Handle | Area | Since |
|---|---|---|
| @alice | Core scanner • Security | 2025-04 |
| @bob | UI • Docs | 2025-06 |