stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
9e5e958d42ecddbe3e5a321ea0c0d31d1088ce20
git.stella-ops.org/docs/11_GOVERNANCE.md
master 9e5e958d42
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries 
- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
2025-10-31 14:33:05 +02:00

3.2 KiB
Executable File
Raw Blame History

StellaOps ProjectGovernance

Lazy Consensus • Maintainer Charter • Transparent Veto

Scope applies to all repositories under
https://git.stella-ops.org/stella-ops/* unless a subproject overrides it with its own charter approved by the Core Maintainers.

1·Decisionmaking workflow 🗳️

Stage Default vote Timer
Docs / noncode PR +1 48h
Code / tests PR +1 7×24h
Securitysensitive / breaking API +1 + explicit securityLGTM 7×24h

Lazyconsensus silence=approval once the timer elapses.

  • Veto 1 must include a concrete concern and a path to resolution.
  • After 3 unresolved vetoes the PR escalates to a Maintainer Summit call.

2·Maintainer approval thresholds 👥

Change class Approvals required Example
Trivial 0 Typos, comment fixes
Nontrivial 2Maintainers New API endpoint, feature flag
Security / breaking Lazyconsensus +securityLGTM JWT validation, crypto swap

Approval is recorded via Git forge review or a signed commit trailer
Signed-off-by: <maintainer>.

3·Becoming (and staying) a Maintainer 🌱

  1. 3+ months of consistent, highquality contributions.
  2. Nomination by an existing Maintainer via issue.
  3. 7day vote needs ≥ ⅔ majority+1”.
  4. Sign MAINTAINER_AGREEMENT.md and enable 2FA.
  5. Inactivity>6months → automatic emeritus status (can be reactivated).

4·Release authority & provenance 🔏

  • Every tag is cosigned by at least one Security Maintainer.
  • CI emits a signed SPDX SBOM + Cosign provenance.
  • Release cadence is fixed see public Roadmap.
  • Security fixes may create outofband x.y.zhotfix tags.

5·Escalation lanes 🚦

Situation Escalation
Technical deadlock Maintainer Summit (recorded & published)
Security bug Follow Security Policy
Code of Conduct violation See 12_CODE_OF_CONDUCT.md escalation ladder

6·Contribution etiquette 🤝

  • Draft PRs early CI linting & tests help you iterate.
  • “There are no stupid questions” ask in Matrix #dev.
  • Keep commit messages in imperative mood (Fix typo, Add SBOM cache).
  • Run the precommit hook locally before pushing.

7·Licence reminder 📜

StellaOps is AGPL3.0orlater. By contributing you agree that your patches are released under the same licence.

Appendix A Maintainer list 📇

(Generated via scripts/gen-maintainers.sh edit the YAML, not this section directly.)

Handle Area Since
@alice Core scanner • Security 202504
@bob UI • Docs 202506