stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
main
git.stella-ops.org/docs/11_GOVERNANCE.md
master b04557a923 Initial commit
2025-08-30 21:05:34 +00:00

93 lines
3.2 KiB
Markdown
Executable File
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# StellaOps ProjectGovernance
*Lazy Consensus • Maintainer Charter • Transparent Veto*
> **Scope** applies to **all** repositories under
> `https://git.stella-ops.org/stella-ops/*` unless a subproject overrides it
> with its own charter approved by the Core Maintainers.
---
## 1·Decisionmaking workflow 🗳
| Stage | Default vote | Timer |
|-------|--------------|-------|
| **Docs / noncode PR** | `+1` | **48h** |
| **Code / tests PR** | `+1` | **7×24h** |
| **Securitysensitive / breaking API** | `+1` + explicit **`securityLGTM`** | **7×24h** |
**Lazyconsensus** silence=approval once the timer elapses.
* **Veto `1`** must include a concrete concern **and** a path to resolution.
* After 3 unresolved vetoes the PR escalates to a **Maintainer Summit** call.
---
## 2·Maintainer approval thresholds 👥
| Change class | Approvals required | Example |
|--------------|-------------------|---------|
| **Trivial** | 0 | Typos, comment fixes |
| **Nontrivial** | **2Maintainers** | New API endpoint, feature flag |
| **Security / breaking** | Lazyconsensus **+`securityLGTM`** | JWT validation, crypto swap |
Approval is recorded via Git forge review or a signed commit trailer
`Signed-off-by: <maintainer>`.
---
## 3·Becoming (and staying) a Maintainer 🌱
1. **3+ months** of consistent, highquality contributions.
2. **Nomination** by an existing Maintainer via issue.
3. **7day vote** needs ≥ **⅔ majority** “`+1`”.
4. Sign `MAINTAINER_AGREEMENT.md` and enable **2FA**.
5. Inactivity>6months → automatic emeritus status (can be reactivated).
---
## 4·Release authority & provenance 🔏
* Every tag is **cosigned by at least one Security Maintainer**.
* CI emits a **signed SPDX SBOM** + **Cosign provenance**.
* Release cadence is fixed see [public Roadmap](../roadmap/README.md).
* Security fixes may create outofband `x.y.zhotfix` tags.
---
## 5·Escalation lanes 🚦
| Situation | Escalation |
|-----------|------------|
| Technical deadlock | **Maintainer Summit** (recorded & published) |
| Security bug | Follow [Security Policy](../security/01_SECURITY_POLICY.md) |
| Code of Conduct violation | See `12_CODE_OF_CONDUCT.md` escalation ladder |
---
## 6·Contribution etiquette 🤝
* Draft PRs early CI linting & tests help you iterate.
* “There are no stupid questions” ask in **Matrix #dev**.
* Keep commit messages in **imperative mood** (`Fix typo`, `Add SBOM cache`).
* Run the `precommit` hook locally before pushing.
---
## 7·Licence reminder 📜
StellaOps is **AGPL3.0orlater**. By contributing you agree that your
patches are released under the same licence.
---
### Appendix A Maintainer list 📇
*(Generated via `scripts/gen-maintainers.sh` edit the YAML, **not** this
section directly.)*
| Handle | Area | Since |
|--------|------|-------|
| `@alice` | Core scanner • Security | 202504 |
| `@bob` | UI • Docs | 202506 |
---
Reference in New Issue View Git Blame Copy Permalink