python-tuf/docs/GOVERNANCE.md

# TUF governance
This document covers the project's governance and committer process.  The
project consists of the TUF
[specification](https://github.com/theupdateframework/specification) and
[reference implementation](https://github.com/theupdateframework/python-tuf).

## Maintainership and Consensus Builder
The project is maintained by the people indicated in
[MAINTAINERS](MAINTAINERS.txt).  A maintainer is expected to (1) submit and
review GitHub pull requests and (2) open issues or [submit vulnerability
reports](https://github.com/theupdateframework/python-tuf#security-issues-and-bugs).
A maintainer has the authority to approve or reject pull requests submitted by
contributors.

More significant changes in the project, such as those that require a TAP or
changes in governance, are guided by a maintainer called the Consensus
Builder (CB).  The project's Consensus Builder (CB) is Justin Cappos
<jcappos@nyu.edu, @JustinCappos>, who has a lifetime appointment.

## Contributions
Contributors can submit pull requests to the project's repositories. They must
follow the project's [code of conduct](CODE-OF-CONDUCT.md), the
[developer certificate of origin](https://developercertificate.org/), and the
repository specific contribution guidelines, such as
[CONTRIBUTING.rst](CONTRIBUTING.rst).

## Changes in maintainership

A contributor to the project must express interest in becoming a maintainer.
The CB has the authority to add or remove maintainers.

## Changes in governance

The CB supervises changes in governance, but a majority of maintainers must vote +1 on the PR.

## Changes in the consensus builder

The consensus builder may be appointed for a fixed term or it may be a lifetime appointment.  To initiate a change of consensus builder, or a change in the length of the appointment,  a GitHub PR must be opened.  If a fixed term is specified, the PR should be opened no earlier than 6 weeks before the end of the CB's term. If there is not a fixed term appointment, the PR may be opened at any time.  In either case, the PR must be kept open for no less than 4 weeks.  Additionally, the PR can only be merged with more +1 than -1 in the binding votes.

Anyone from the community can vote on the PR with either +1 or -1.

Only votes from maintainers that have been listed in the top-level [MAINTAINERS](MAINTAINERS.txt) file before the PR is opened are binding.

When there are conflicting PRs about changes in the consensus builder, the PR with the most binding +1 votes is merged.

The consensus builder can volunteer to step down.
Add initial GOVERNANCE.md Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-09 22:41:53 +00:00			`# TUF governance`
			`This document covers the project's governance and committer process. The`
			`project consists of the TUF`
			`[specification](https://github.com/theupdateframework/specification) and`
Update links to account for repository rename We have renamed the repository from tuf->python-tuf Signed-off-by: Joshua Lock <jlock@vmware.com> 2021-09-01 10:14:55 +00:00			`[reference implementation](https://github.com/theupdateframework/python-tuf).`
Add initial GOVERNANCE.md Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-09 22:41:53 +00:00
Reflect the intended use of the role 2017-11-13 16:03:44 +00:00			`## Maintainership and Consensus Builder`
Revise parts of text Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-13 15:43:18 +00:00			`The project is maintained by the people indicated in`
More organizational changes Modified documentation links in README. Added a Getting Started doc Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2018-01-24 19:09:48 +00:00			`[MAINTAINERS](MAINTAINERS.txt). A maintainer is expected to (1) submit and`
Revise parts of text Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-13 15:43:18 +00:00			`review GitHub pull requests and (2) open issues or [submit vulnerability`
Update links to account for repository rename We have renamed the repository from tuf->python-tuf Signed-off-by: Joshua Lock <jlock@vmware.com> 2021-09-01 10:14:55 +00:00			`reports](https://github.com/theupdateframework/python-tuf#security-issues-and-bugs).`
Add initial GOVERNANCE.md Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-09 22:41:53 +00:00			`A maintainer has the authority to approve or reject pull requests submitted by`
doc: Remove trailing whitespaces from docs files This commit is a simple trailing whitespaces cleanup from the files inside the docs folder. The files on docs sub-directories are not part of this commit. The docs/SECURITY.md will be removed on PR #1769 Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com> 2022-01-13 16:55:30 +00:00			`contributors.`
CB clarifications requested by Liz Signed-off-by: Justin Cappos <justincappos@gmail.com> 2019-11-05 14:00:35 +00:00
			`More significant changes in the project, such as those that require a TAP or`
doc: Remove trailing whitespaces from docs files This commit is a simple trailing whitespaces cleanup from the files inside the docs folder. The files on docs sub-directories are not part of this commit. The docs/SECURITY.md will be removed on PR #1769 Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com> 2022-01-13 16:55:30 +00:00			`changes in governance, are guided by a maintainer called the Consensus`
			`Builder (CB). The project's Consensus Builder (CB) is Justin Cappos`
Governance clarifications Signed-off-by: Justin Cappos <justincappos@gmail.com> Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu> 2019-11-09 17:33:48 +00:00			`<jcappos@nyu.edu, @JustinCappos>, who has a lifetime appointment.`
Add initial GOVERNANCE.md Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-09 22:41:53 +00:00
			`## Contributions`
docs: Remove some obsolete advice Governance docs does not need to talk about linting tools. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com> 2026-03-23 10:19:19 +00:00			`Contributors can submit pull requests to the project's repositories. They must`
			`follow the project's [code of conduct](CODE-OF-CONDUCT.md), the`
			`[developer certificate of origin](https://developercertificate.org/), and the`
			`repository specific contribution guidelines, such as`
			`[CONTRIBUTING.rst](CONTRIBUTING.rst).`
Add initial GOVERNANCE.md Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-09 22:41:53 +00:00
			`## Changes in maintainership`

			`A contributor to the project must express interest in becoming a maintainer.`
Update GOVERNANCE.md 2017-11-13 16:02:26 +00:00			`The CB has the authority to add or remove maintainers.`
Add initial GOVERNANCE.md Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com> 2017-11-09 22:41:53 +00:00
			`## Changes in governance`
changes recommended by Liz Signed-off-by: Justin Cappos <justincappos@gmail.com> 2019-10-30 10:31:33 +00:00
doc: Remove trailing whitespaces from docs files This commit is a simple trailing whitespaces cleanup from the files inside the docs folder. The files on docs sub-directories are not part of this commit. The docs/SECURITY.md will be removed on PR #1769 Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com> 2022-01-13 16:55:30 +00:00			`The CB supervises changes in governance, but a majority of maintainers must vote +1 on the PR.`
Governance clarifications Signed-off-by: Justin Cappos <justincappos@gmail.com> Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu> 2019-11-09 17:33:48 +00:00
			`## Changes in the consensus builder`

			The consensus builder may be appointed for a fixed term or it may be a lifetime appointment. To initiate a change of consensus builder, or a change in the length of the appointment, a GitHub PR must be opened. If a fixed term is specified, the PR should be opened no earlier than 6 weeks before the end of the CB's term. If there is not a fixed term appointment, the PR may be opened at any time. In either case, the PR must be kept open for no less than 4 weeks. Additionally, the PR can only be merged with more +1 than -1 in the binding votes.
changes recommended by Liz Signed-off-by: Justin Cappos <justincappos@gmail.com> 2019-10-30 10:31:33 +00:00
			`Anyone from the community can vote on the PR with either +1 or -1.`

			`Only votes from maintainers that have been listed in the top-level [MAINTAINERS](MAINTAINERS.txt) file before the PR is opened are binding.`

			`When there are conflicting PRs about changes in the consensus builder, the PR with the most binding +1 votes is merged.`

			`The consensus builder can volunteer to step down.`