How (if at all) do our usual open source practices need to be modified to accommodate the roles involved in functional safety critical development?
With this issue, I'd like to develop an understanding of what exceptions to the Eclipse Foundation Development Process (EDP) are required with regard to project roles, authority, and privileges in the context of functional safety critical software development.
The EDP only defines three project roles: contributor, committer, and project lead (it also defines PMC Lead, PMC member, etc., but I believe that these roles are out of scope).
In very pragmatic/practical terms...
Contributors are those individuals who contribute to a project. Contributors create merge/pull requests, but cannot choose to merge them. Contributors can create and comment on issues. Contributors have no specific authority on an Eclipse project, but it is common for committers to heed the advice of contributors (and other community members) in their decision-making process.
Committers are the ones who make decisions about what goes into project repositories, have access to build and distribution resources associated with the project, etc. To be clear, this means all project repositories/resources, including code, documentation, user manuals, ... there are no custom ACLs or similar: all committers have equal access to all project resources. Committers can push commits directly into a repository and merge merge/pull requests made by committers. Committers also get to decide who else should be a committer (that is, they initiate committer elections).
The EDP has no notion of some committers being more special than others. There is, for example, no notion of Technical Lead. A theoretical technical lead is just a committer; they have only the authority that is granted to them by the other committers. A project team can choose to formalise these special roles, but the responsibilities and privileges that come with those roles are managed via social convention (EF infrastructure does not support any notion of restricting or granting specific privileges to subsets of committers).
Project leads serve primarily as a liaison between the project team and the EMO. They have primary responsibility for ensuring that the project team is following good open source practices and is implementing the EDP, Eclipse Foundation IP and Security policies, etc. Project leads must also be committers.
The Eclipse S-CORE project defines a number of roles.
The following management roles are defined.
- Project Lead
- Quality Manager
- Security Manager
The project lead is intended, I believe, to align roughly with the project lead role defined in the EDP. The role definition contains some elements that are at odds with the EDP. For example, "Election and replacement of all role’s personnel" is not consistent with the EDP: in the EDP, it is the responsibility of the project's committers to initiate elections to onboard individuals into project roles (the project lead does have the ability to retire inactive committers, but this is a power that must be used responsibly).
Is there something specific about functional safety critical software development that requires that we make an exception to our usual practices concerning elections into project roles?
Do the Quality and Security Manager roles need to have any specific authority granted to them other than that which is granted by the project committers? That is, do we need to codify any specific authority/privilege/responsibility for these roles, or is it enough that these be de facto roles that are filled by individuals from whom project committers choose to take direction?
A number of other roles are defined. My thinking is that I'd like to map each of these roles to the EDP roles. For each, I'd like to identify which specific authority and privileges must be added or removed relative to the corresponding EDP role. For each role, I'd like to understand the conditions by which someone is granted the role: e.g., are individuals elected based on public demonstrations of merit, or are they appointed (and by whom)?
FWIW, my thinking is that any role that has the authority to merge merge/pull requests is a committer; some subset of the committers are project leads; and everybody else is a contributor.
/cc @dana @devcurmudgeon @gerdroid @grandyho @hartmannnico @skappel @thiloschmitt