Create LLC and TSC

Clean up various legal/charter constructs. The Linux Foundation plans to move this project into its own LLC (this provides various legal protections), and we must state that. A side-effect is that we need to create "Technical Steering Committee" (TSC). I think that's a good thing. I intend to start it with me (as I was the original project lead & committer), and work to add others to it, so it's not just me working by myself. The proposed approach says the OpenSSF TAC can change the TSC by 2/3rds vote. The intent is to ensure that I (or anyone else) can't be a dictator, and that it's possible to get things going again if something goes wrong. Originally I was going to have the OpenSSF Best Practices WG do that vote, but I think it'd be better to have the TAC do it. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
coreinfrastructure · Feb 2, 2024 · 1866d58 · 1866d58
1 parent f8b1ed9
commit 1866d58
Show file tree

Hide file tree

Showing 4 changed files with 152 additions and 13 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -16,6 +16,7 @@ Here's help on how to make contributions, divided into the following sections:
 * reuse (supply chain for third-party components, including updating them),
 * keeping up the main branch, and
 * handling the rename of the "master" branch to "main".
+* governance
 
 ## General information
 
@@ -1031,3 +1032,15 @@ git fetch origin
 git branch -u origin/main main
 git remote set-head origin -a
 ~~~~
+
+## Governance
+
+This project is led by the OpenSSF Best Practices Badge
+Technical Steering Committee (TSC).
+For current members, see [TSC.md](./TSC.md).
+The TSC is supported by a technical lead.
+
+The file [governance.md](docs/governance.md) describes our governance model
+(how we decide things) in more detail.
+That file is considered "incorporated by reference" by this
+CONTRIBUTING document.
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -38,13 +38,16 @@ en:
     footer_text_html: >-
       <small> <strong>Need help? Have a question? See a problem?
       Please <em><a href="https://github.com/coreinfrastructure/best-practices-badge/issues"
-      target="_blank" rel="noopener">file an issue</a></em>.</strong> © 2015-2021
+      target="_blank" rel="noopener">file an issue</a></em>.</strong>
+      Copyright © 
+      <a href="https://www.bestpractices.dev" target="_blank" rel="noopener">OpenSSF Best Practices Badge a Series of LF Projects, LLC</a>.
+      For web site terms of use, trademark policy and other project policies please see <a href="https://lfprojects.org" target="_blank" rel="noopener">https://lfprojects.org</a>.
+      For more information, see the websites of the
       <a href="https://openssf.org" target="_blank" rel="noopener">Open Source
-      Security Foundation</a>, a <a href="https://www.linuxfoundation.org/"
-      target="_blank" rel="noopener">Linux Foundation</a> Collaborative Project.
+      Security Foundation (OpenSSF)</a> and <a href="https://www.linuxfoundation.org/"
+      target="_blank" rel="noopener">The Linux Foundation</a>.
       All Rights Reserved. Please see our <a href="https://www.linuxfoundation.org/privacy"
-      target="_blank" rel="noopener">privacy policy</a> and <a href="https://www.linuxfoundation.org/terms"
-      target="_blank" rel="noopener">terms of use</a>. </small>
+      target="_blank" rel="noopener">privacy policy</a>.</small>
   admin_only: Admin only.
   account_activations:
     activated: >

diff --git a/docs/TSC.md b/docs/TSC.md
@@ -0,0 +1,11 @@
+# Technical Steering Committee (TSC) Members
+
+<!-- SPDX-License-Identifier: (MIT OR CC-BY-3.0+) -->
+
+The members of the OpenSSF Best Practices Badge
+Technical Steering Committee (TSC) are:
+
+* David A. Wheeler (@david-a-wheeler)
+
+The plan is to extend this list of TSC members; the goal is to
+get started with the TSC construct that is new to the best practices badge.
diff --git a/docs/governance.md b/docs/governance.md
@@ -15,23 +15,134 @@ Core Infrastructure Initiative (CII) project.
 In terms of
 ["Governance models" (Gardler and Hanganu)](http://oss-watch.ac.uk/resources/governancemodels) the badging project is a bazaar -
 contributions are gladly welcomed from anyone.
-The project is led by a single technical lead designated by the OpenSSF.
-The technical lead has final say on decisions (and thus is
-something of a "benevolent dictator"), but the technical
-lead is subject to being overruled or replaced by the OpenSSF.
+However, we need to review external contributions to maintain quality.
+
+### Technical Steering Committee (TSC)
+
+This project is led by the OpenSSF Best Practices Badge
+Technical Steering Committee (TSC).
+For current members, see [TSC.md](./TSC.md).
+
+TSC decisions are by majority vote.
+Decisions can be electronic (e.g., a mailing list or
+electronic voting system) or in a meeting (in person or a teleconference),
+at the choice of the TSC members.
+In case of a tie, the OpenSSF Best Practices Badge
+technical lead can break the tie.
+
+This TSC reports to the OpenSSF Best Practices Working Group, who in
+turn report to the OpenSSF Technical Advisory Council (TAC).
+
+The TSC can add or remove members to itself (again, by majority vote).
+
+The OpenSSF TAC can add or remove members in the OpenSSF Best
+Practices Badge TSC by TAC majority vote. This is not intended to
+be a common practice, but this mechanism prevents the TSC from being
+overly insular.
+
+## TSC Powers
+
+The TSC may (1) establish work flow procedures for the submission,
+approval, and closure/archiving of projects, (2) set requirements
+for the promotion of Contributors to Committer status, as applicable,
+and (3) amend, adjust, refine and/or eliminate the roles of
+Contributors, and Committers, and create new roles, and publicly
+document any TSC roles, as it sees fit.
+
+The TSC may elect a TSC Chair, who will preside over meetings of
+the TSC and will serve until their resignation or replacement by
+the TSC.  The TSC Chair, or any other TSC member so designated by
+the TSC, will serve as the primary communication contact between
+the Project and OpenSSF, a directed fund of The Linux Foundation.
+
+The TSC will be responsible for all aspects of oversight relating
+to the Project, which may include:
+
+1. coordinating the technical direction of the Project; approving
+   project or system proposals (including, but not limited to, incubation,
+2. deprecation, and changes to a sub-project’s scope);
+3. organizing sub-projects and removing sub-projects;
+4. creating sub-committees or working groups to focus on cross-project
+   technical issues and requirements;
+5. appointing representatives to work with other open source or
+   open standards communities;
+6. establishing community norms, workflows, issuing releases,
+   and security issue reporting policies;
+7. approving and implementing policies and processes for contributing
+   and coordinating with
+   the series manager of the Project (as provided for in the Series
+   Agreement, the “Series Manager”) to resolve matters or concerns
+   that may arise;
+8. discussions, seeking consensus, and where necessary, voting on
+   technical matters relating to the code base that affect multiple
+   projects; and
+   coordinating any marketing, events, or communications regarding the Project.
+
+In practice, the TSC delegates many tasks to the technical lead, who
+serves the TSC.
+
+## TSC Voting
+
+1. While the Project aims to operate as a consensus-based community,
+   if any TSC decision requires a vote to move the Project forward,
+   the voting members of the TSC will vote on a one vote per voting
+   member basis.
+2. Quorum for TSC meetings requires at least fifty percent of all
+   voting members of the TSC to be present. The TSC may continue to
+   meet if quorum is not met but will be prevented from making any
+   decisions at the meeting.
+3. Except as provided in Technical Charter Section 7.c. and 8.a, decisions
+   by vote at a meeting require a majority vote of those in attendance,
+   provided quorum is met. Decisions made by electronic vote without
+   a meeting require a majority vote of all voting members of the TSC.
+4. In the event a vote cannot be resolved by the TSC, any voting
+   member of the TSC may refer the matter to the Series Manager for
+   assistance in reaching a resolution.
+   They may also contact the OpenSSF Best Practices WG.
+
+Technical Charter sections 7.c and 8.a identify the licensing requirements,
+e.g., MIT license for the source code.
+
+## Technical Lead
+
+Many of the day-to-day maintenance tasks of the OpenSSF Best Practices Badge
+are managed by the OpenSSF Best Practices Badge are managed
+by the OpenSSF Best Practices Badge technical lead.
+
+The technical lead reports to the OpenSSF TSC, including on significant
+work or decisions to be made.
+The technical lead's decisions can be
+overruled by the OpenSSF TSC at any time.
+In addition, the OpenSSF TSC can replace the technical lead at any time
+(as always, by majority vote).
+
 Also, since the project is FLOSS, the project can be forked;
 this ability to fork also provides a check against despotism.
 The technical lead's job is focus on doing what's best
 for this project, and the project's goal is to help
 the FLOSS community overall.
 
 The technical lead has commit rights on the software, and administrative
-rights to the production site, and can add or remove those rights to others.
+rights to the production site, and can add or remove those rights to others
+to further the goals of the project
+(subject to being overruled by the TSC).
 Those with commit rights can make changes
 (subject to caveats described below) and accept changes
 (typically pull requests) submitted by others.
 These changes include changes to the process and contribution requirements.
 
+## Committers
+
+Committers are those with authority to directly make changes
+to the main branch of the code.
+The TSC and technical lead can add or revoke commit privilege
+(the TSC overrides the technical lead in case of a conflict).
+
+## Contributors
+
+Contributors are those who choose to contribute to the project.
+See [CONTRIBUTING](../CONTRIBUTING.md).
+
 ## Process
 
 We generally use the GitHub issue tracker and pull requests for managing
@@ -41,15 +152,15 @@ For details, including contribution requirements, see
 Note that we emphasize two-person review for anything other than
 low-risk contributions.
 
-This project requires two-factor authentication (2FA).
+This project requires two-factor authentication (2FA) for direct commit rights.
 In addition, this project does not accept SMS as the second factor.
 
 Issues that we have determined are especially important, particularly
 if they will take a while, are added to the "next" milestone
 (which identifies "what should be prioritized next").
 
 We expect people to focus on improving the project, not attacking other
-people.  Please strive to "Be excellent to each other."
+people. Please strive to "Be excellent to each other."
 For more information, see our [Code of Conduct](../CODE_OF_CONDUCT.md).
 
 ## Criteria changes
@@ -97,7 +208,8 @@ Speeding adding of a criterion is expected to be extremely unusual.
 ## Current people
 
 The current Badge Project technical lead is David A. Wheeler.
-Others with commit rights include Jason Dossett.
+
+To see the current list of TSC members, see [TSC.md](./TSC.md).
 
 ## See also