On Wed, Aug 3, 2016 at 8:20 PM, Mitchell Baker <[email protected]> wrote:
> ideal followup is governance ... cross posting to reach those likely to be > interested > > I'm currently the owner of the Commit Access Policy module. That's > because I wrote the original policy and did what was necessary to get it > implemented. (That's old history!) I was also engaged in the rewrite to > the current policy but not at the same level. There's a separate module for > implementation, owned by Marcia Knous. > > Someone closer to our code should own this policy going forward. I have a > few ideas but there are many people who have become active whom I don't yet > know. So if there's someone you think should own this policy please do let > me know. It should be someone familiar with how things work, who has a > sense for good, workable practices that protect are code and a good > communicator. > > current policy is here: > https://www.mozilla.org/en-US/about/governance/policies/commit/access-policy/ > I'm going to say something that might be a bit contentious: I think a single commit access policy for all of Mozilla reflects the needs of Mozilla from several years ago, not the needs of Mozilla today. The world has changed. Mozilla has changed. The policy was written before distributed version control was popular, before services like GitHub. The reality of today is that the "Mozilla Commit Access Policy" is effectively the "Firefox Commit Access Policy." There are large Mozilla projects to which the existing policy does not apply or is simply ignored. On GitHub, each organization or project has the freedom to define its own policy. This is both good and bad. Mostly good for the flexibility and convenience. Bad in that it has historically been the wild west and there are some gotchas in GitHub's permissions model that can lead to access being granted where it shouldn't be. See https://wiki.mozilla.org/Github for more on the policy that more or less governs the "mozilla" organization on GitHub. Of course there are other Mozilla-affiliated organizations, like Rust, Servo, Bugzilla, TaskCluster, ... I'm not sure how formal we want to be on a commit policy that attempts to govern all of Mozilla and/or that governs less established projects or projects outside the Firefox umbrella. I do believe that Firefox needs a formal policy. I consider security and legal requirements as significant drivers of at least the Firefox commit policy. So having someone with well-formed connections to those groups and who knows the server maintainers would be ideal. I know Doug Turner has expressed interest in the Firefox commit policy and his org runs the Mozilla-hosted version control servers and Firefox automation. Ditto for Lawrence Mandel and Jonathan Griffin. Hal Wine has done a lot of work on establishing sanity to GitHub access, has familiarity with Firefox access and security concerns, has access to the version control servers, and seems to have connections throughout Mozilla. Those are the first names that jump out to me. But I think choosing someone really depends on the scope of the module/policy going forward... _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
