summaryrefslogtreecommitdiff
path: root/docs/GOVERNANCE.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/GOVERNANCE.md')
-rw-r--r--docs/GOVERNANCE.md144
1 files changed, 144 insertions, 0 deletions
diff --git a/docs/GOVERNANCE.md b/docs/GOVERNANCE.md
new file mode 100644
index 000000000..6de2eff41
--- /dev/null
+++ b/docs/GOVERNANCE.md
@@ -0,0 +1,144 @@
+# Decision making in the curl project
+
+A rough guide to how we make decisions and who does what.
+
+## BDFL
+
+This project was started by and has to some extent been pushed forward over
+the years with Daniel Stenberg as the driving force. It matches a standard
+BDFL (Benevolent Dictator For Life) style project.
+
+This setup has been used due to convenience and the fact that is has worked
+fine this far. It is not because someone thinks of it as a superior project
+leadership model. It will also only continue working as long as Daniel manages
+to listen in to what the project and the general user population wants and
+expects from us.
+
+## Legal entity
+
+There is no legal entity. The curl project is just a bunch of people scattered
+around the globe with the common goal to produce source code that creates
+great products.
+
+The copyrights in the project are owned by the individuals and organizations
+that wrote those parts of the code.
+
+## Decisions
+
+The curl project is not a democracy, but everyone is entitled to state their
+opinion and may argue for their sake within the community.
+
+All and any changes that have been done or will be done are eligible to bring
+up for discussion, to object to or to praise. Ideally, we find consensus for
+the appropriate way forward in any given situation or challenge.
+
+If there is no obvious consensus, a maintainer who's knowledgeable in the
+specific area will take an "executive" decision that they think is the right
+for the project.
+
+## Key roles
+
+### Maintainers
+
+A maintainer in the curl project is an individual who has been given
+permissions to push commits to one of the git repositories.
+
+Maintainers are free to push commits to the repositories at their own will.
+Maintainers are however expected to listen to feedback from users and any
+change that is non-trivial in size or nature *should* be brought to the
+project as a PR to allow others to comment/object before merge.
+
+### Former maintainers
+
+A maintainer who stops being active in the project will at some point get
+their push permissions removed. We do this for security reasons but also to
+make sure that we always have the list of maintainers as "the team that push
+stuff to curl".
+
+Getting push permissions removed is not a punishment. Everyone who ever worked
+on maintaining curl is considered a hero, for all time hereafter.
+
+### Security team members
+
+We have a security team. That's the team of people who are subscribed to the
+curl-security mailing list; the receivers of security reports from users and
+developers. This list of people will vary over time but should be skilled
+developers familiar with the curl project.
+
+The security team works best when it consists of a small set of active
+persons. We invite new members when the team seems to need it, and we also
+expect to retire security team members as they "drift off" from the project or
+just find themselves unable to perform their duties there.
+
+### Server admins
+
+We run a web server, a mailing list and more on the curl project's primary
+server. That physical machine is owned and run by Haxx. Daniel is the primary
+admin of all things curl related server stuff, but Björn Stenberg and Linus
+Feltzing serve as backup admins for when Daniel is gone or unable.
+
+The primary server is paid for by Haxx. The machine is physically located in a
+server bunker in Stockholm Sweden, operated by the company Portlane.
+
+The web site contents are served to the web via Fastly and Daniel is the
+primary curl contact with Fastly.
+
+### BDFL
+
+That's Daniel.
+
+# Maintainers
+
+A curl maintainer is a project volunteer who has the authority and rights to
+merge changes into a git repository in the curl project.
+
+Anyone can aspire to become a curl maintainer.
+
+### Duties
+
+There are no mandatory duties. We hope and wish that maintainers consider
+reviewing patches and help merching them, especially when the changes are
+within the area of personal expertise and experience.
+
+### Requirements
+
+- only merge code that meets our quality and style guide requirements.
+- *never* merge code without doing a PR first, unless the change is "trivial"
+- if in doubt, ask for input/feedback from others
+
+### Recommendations
+
+- please enable 2fa on your github account to reduce risk of malicious sourc
+ code tampering
+- consider enabling signed git commits for additional verification of changes
+
+### Merge advice
+
+When you're merging patches/PRs...
+
+- make sure the commit messages follow our template
+- squash patch sets into a few logical commits even if the PR didn't, if
+ necessary
+- avoid the "merge" button on github, do it "manually" instead to get full
+ control and full audit trail (github leaves out you as "Committer:")
+- remember to credit the reporter and the helpers!
+
+## Who are maintainers?
+
+The [list of maintainers](https://github.com/orgs/curl/people). Be aware that
+the level of presence and activity in the project vary greatly between
+different individuals and over time.
+
+### Become a maintainer?
+
+If you think you can help making the project better by shouldering some
+maintaining responsibilities, then please get in touch.
+
+You will be expected to be familiar with the curl project and its ways of
+working. You need to have gotten a few quality patches merged as a proof of
+this.
+
+### Stop being a maintainer
+
+If you (appear to) not be active in the project anymore, you may be removed as
+a maintainer. Thank you for your service!
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 22:47:07 +0000