Re: OCA Project Governance


duncan@sfractal
 

I agree Governance should be a focus. Our website claims:

Governance

Developers, corporate supporters, and technology consumers all have a voice in decision-making.

The PGB has a responsibility to walk the governance talk. That’s the top-down view. If it delegated it to the TSC, the PGB is still accountable if the TSC hasn’t done anything. If nothing else, each project should have a bottom up of how they are governed today. Who approves PRs? Are there different roles (e.g. Maintainer) and how are they selected? Are there project meetings that prioritize or approve whatever? Are they open to all? Which governance model (from https://www.redhat.com/en/blog/understanding-open-source-governance-models) is followed? And all this should be written somewhere. Stixshifter has a half decent ‘how to contribute’ but it doesn’t mention governance and how it’s done. E.g. anybody can submit a PR – but can anybody approve a PR? People won’t contribute if they feel a project is controlled by a corporation or an opaque bunch of insiders.

 

What is the current state of the TSC? IMHO there should be a correlation between projects and some of the TSC members. For example each project should have two maintainers (ideally from different companies, approved by PGB) and they are on the TSC representing their project. Ideally there would be some additional TSC members as well taking a more ‘across projects’ approach.

 

Is the architecture group a part of the governance process? Is it a committee of the PGB or of the TSC or something else entirely? It is not mentioned on the website governance page.

 

-- 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

 

 

 

From: oca-pgb@... <oca-pgb@...> on behalf of Jason Keirstead via lists.oasis-open-projects.org <Jason.Keirstead=ca.ibm.com@...>
Date: Friday, November 19, 2021 at 7:52 AM
To: oca-pgb@... <oca-pgb@...>
Cc: oca-pgb@... <oca-pgb@...>
Subject: Re: [oca-pgb] OCA Project Governance

Hi Duncan;

 

I have not forgotten about this email. As you know - we have a lot of open switches around project governance in the OCA.

Despite our best efforts we are having a lot of trouble bringing it to a close. This is also related to our issues fielding the TSC. Despite having the recruitment window open for an extended period and many CTA - including trying to cast a wider net - we did not get any volunteers, not even from OCA sponsors. Without a diverse TSC who has some minimal cycles to organize governance, it is hard to execute.

We are very open to suggestions on how we can both fill some seats in the TSC, and create a more solid governance structure around the projects. 

We have a PGB meeting on Dec 2, and I would suggest this should be the primary focus of the session. I also think we should do individual reach-outs to members to try to encourage attendance in this meeting. 

 

-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management
www.ibm.com/security

 

Assistant - Mauricio Durán Cambronero (mauduran@...)

Book a meeting with me - https://calendly.com/jason-keirstead

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

www.opencybersecurityalliance.org
 

 

 

----- Original message -----
From: "sfractal" <duncan@...>
Sent by: oca-pgb@...
To: "oca-pgb@..." <oca-pgb@...>
Cc:
Subject: [EXTERNAL] [oca-pgb] OCA Project Governance
Date: Tue, Nov 16, 2021 1:26 PM
 

 

PACE is now a new OCA project. It would help me to understand the governance models of the other existing OCA projects and if there are rules or guidance from the OCA PGB on the governance models of new projects. If we use the terms in https://www.redhat.com/en/blog/understanding-open-source-governance-models, what are the existing projects governance models?

 - stix-shifter

 - ontology (btw didn’t we change the name from open-d ontology which is what the OCA website still says), 

  - kestrel, 

  - scapv2 (is this still an active project?)

 

If their governance models are known, are they also documented? If they aren’t known, shouldn’t we decide and document them?

 

Note there are pros and cons to the various models and combinations are allowed.

 

iPhone, iTypo, iApologize

 

Duncan Sparrell

sFractal Consulting, LLC

I welcome VSRE emails. Learn more at http://vsre.info/

 

 

 
