A good template for specifying delgation of duties is RACI: Responsible Accountable Consulted Informed
Often a RACI Matrix is made up, showing for each activity, the set of roles involved and the expected level of involvement (R A C I). Examples: http://racichart.org/ https://en.wikipedia.org/wiki/Responsibility_assignment_matrix -Joan ----- Original Message ----- From: "Dave Cottlehuber" <[email protected]> To: [email protected] Sent: Tuesday, May 27, 2014 4:38:15 AM Subject: Re: [REQUES] Review proposed bylaws (Was: Re: [DISCUSS] Project bylaws) > On 20 May 2014 23:43, Jan Lehnardt <[email protected]> wrote: >> 2.4. I’d say handling security issues are the responsibility of the >> committers in a private forum. That bit should be moved to 2.3. At least >> that’s what we’ve been doing in the past, would be good to reflect that. > > Ultimately, it falls on the PMC to make sure this is addressed, with > non-required help from the committers. I propose to leave it as it is, > unless you have an edit for the committers section to mention that > they can be involved in security response procedures. Understood, I find it confusing that we define things here and then act differently, and I fear it might confuse future (and existing) contributors. Correct me if I am wrong, but I am seeing the bylaws as a specialised subclass of the rules we get from the ASF (and a formalisations of the various guidelines from the ASF as we deem them fit for this project). As per the ASF, the PMC is responsible for making sure security stuff is taken care of (same for releases), but in our bylaws, we can specify that the responsibility actually lies with the committers. Even though from an ASF perspective the PMC is responsible, the PMC delegates this one level down. A good way of describing this is to use accountability and responsibility. e.g. my children are responsible for tidying their rooms, but I remain accountable. You can’t delegate accountability, only responsibility. I think this is what you want. Also +1 to you & Joan’s comments wrt COPDOC. Let’s make this as acronym-free as practical, and a reasonably short list. Rule of thumb is what would happen if this list were wrong, too short etc? Not catastrophic. A+ Dave
