Ah yes, good point. For me personally, there's very little that's
contentious about adapting our policies to reflect changing engineering
practices. When I wrote a bunch of our original policies many years
back, they were a reflection of actual practice at the time with our
aspirations. So updating policy to reflect today's practices seems a
mark of a well managed project. So probably there's a bunch to do here.
On the scope side, does "firefox" capture it? If we mean the set of
code that ships as part of Firefox, then it clearly includes Gecko,etc,
which we would want.
I agree that acting as if this policy governs code it doesn't is not
helpful. And by being clear what it does cover, it also makes it clear
where we are making a different risk / convenience / reward balance.
Mitchell
On 8/3/16 10:06 PM, Gregory Szorc wrote:
On Wed, Aug 3, 2016 at 8:20 PM, Mitchell Baker <mitch...@mozilla.com
<mailto:mitch...@mozilla.com>> wrote:
ideal followup is governance ... cross posting to reach those
likely to be interested
I'm currently the owner of the Commit Access Policy module.
That's because I wrote the original policy and did what was
necessary to get it implemented. (That's old history!) I was
also engaged in the rewrite to the current policy but not at the
same level. There's a separate module for implementation, owned by
Marcia Knous.
Someone closer to our code should own this policy going forward.
I have a few ideas but there are many people who have become
active whom I don't yet know. So if there's someone you think
should own this policy please do let me know. It should be
someone familiar with how things work, who has a sense for good,
workable practices that protect are code and a good communicator.
current policy is here:
https://www.mozilla.org/en-US/about/governance/policies/commit/access-policy/
I'm going to say something that might be a bit contentious: I think a
single commit access policy for all of Mozilla reflects the needs of
Mozilla from several years ago, not the needs of Mozilla today. The
world has changed. Mozilla has changed. The policy was written before
distributed version control was popular, before services like GitHub.
The reality of today is that the "Mozilla Commit Access Policy" is
effectively the "Firefox Commit Access Policy." There are large
Mozilla projects to which the existing policy does not apply or is
simply ignored. On GitHub, each organization or project has the
freedom to define its own policy. This is both good and bad. Mostly
good for the flexibility and convenience. Bad in that it has
historically been the wild west and there are some gotchas in GitHub's
permissions model that can lead to access being granted where it
shouldn't be. See https://wiki.mozilla.org/Github for more on the
policy that more or less governs the "mozilla" organization on GitHub.
Of course there are other Mozilla-affiliated organizations, like Rust,
Servo, Bugzilla, TaskCluster, ...
I'm not sure how formal we want to be on a commit policy that attempts
to govern all of Mozilla and/or that governs less established projects
or projects outside the Firefox umbrella.
I do believe that Firefox needs a formal policy. I consider security
and legal requirements as significant drivers of at least the Firefox
commit policy. So having someone with well-formed connections to those
groups and who knows the server maintainers would be ideal. I know
Doug Turner has expressed interest in the Firefox commit policy and
his org runs the Mozilla-hosted version control servers and Firefox
automation. Ditto for Lawrence Mandel and Jonathan Griffin. Hal Wine
has done a lot of work on establishing sanity to GitHub access, has
familiarity with Firefox access and security concerns, has access to
the version control servers, and seems to have connections throughout
Mozilla. Those are the first names that jump out to me. But I think
choosing someone really depends on the scope of the module/policy
going forward...
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance
