EESSI Governance #456
EESSI Governance #456
Conversation
…we can do that in follow up PRs
|
@casparvl I've fixed some typos in casparvl#1 and casparvl#2. |
fix typo
fix some more typos
|
Oh yeah, thanks, merged! |
docs/governance/governance.md
Outdated
|
|
||
| ### 5.2 Removing Team Members | ||
| <!-- Describe under what conditions someone may be removed (e.g., inactivity, conduct). --> | ||
| Teams decide themselves decide the procedure to remove new Team members. As for the procedure of adding Team Members, the procedure to remove Team Members should reflect the sensitivity of the position. |
There was a problem hiding this comment.
| Teams decide themselves decide the procedure to remove new Team members. As for the procedure of adding Team Members, the procedure to remove Team Members should reflect the sensitivity of the position. | |
| Teams themselves decide the procedure to remove Team members. As for the procedure of adding Team Members, the procedure to remove Team Members should reflect the sensitivity of the position. |
docs/governance/governance.md
Outdated
| TODO: This project follows the [Contributor Covenant](https://www.contributor-covenant.org/) Code of Conduct. | ||
|
|
||
| ## 8. Contribution Agreement | ||
| TODO: Should refer to some Contribution Agreement. Is contributing only possible after signing this agremeent? If so, that should be stated here |
There was a problem hiding this comment.
Linux projects have a standard approach here which doesn't involve signing a CA
| TODO: Should refer to some Contribution Agreement. Is contributing only possible after signing this agremeent? If so, that should be stated here | |
| TODO: Should refer to some Contribution Agreement. Is contributing only possible after signing this agreement? If so, that should be stated here |
There was a problem hiding this comment.
Hm, that sounds attractive, since it means we don't need a lawyer to draw up something for us :)
carefully hand-crafted ... aehm copiloted ... policies
…SSI softwares stack versions and individual software. Remove some duplicate statements
docs/governance/policies.md
Outdated
|
|
||
| - EESSI is committed to providing a complete SBOM for all deployed software. | ||
| - The SBOM should include versioning, licensing, and dependency information. | ||
| - Preferred formats include SPDX or CycloneDX. |
There was a problem hiding this comment.
I'm not sure if we can already meet the latter two points. If not, does it make sense to include them? I don't think so. Or at least we should make clear it's not currently the case, but is a long term goal.
| - Governance: governance/governance.md | ||
| - EESSI Policies: governance/policies.md | ||
| - Code of Conduct: governance/code_of_conduct.md | ||
| - Current Steering Committee: governance/steering_committee.md |
There was a problem hiding this comment.
We should either set up an auto-redirect for eessi.io/docs/governance to the moved steering_comittee URL, or set up a simple index.md in /governance with bullets that points to the subpages.
docs/governance/terms_of_use.md
Outdated
| @@ -0,0 +1,35 @@ | |||
| # EESSI – Terms of Use | |||
|
|
|||
| **Effective Date:** 23 June 2025 | |||
There was a problem hiding this comment.
I would change this to:
| **Effective Date:** 23 June 2025 | |
| **Last change:** 23 June 2025 |
and then also have a Changelog at the end (which for now can just mention something like "No changes since initial publication of this Terms of Use on ")
There was a problem hiding this comment.
Effective Date is the correct legal term here. It signifies when the (i.e. this version of the) Terms and Conditions have become applicable. It doesn't just signify the change: you can make a change and decide it will only become effective 1 month from now, if that's what you want.
docs/governance/terms_of_use.md
Outdated
|
|
||
| **Effective Date:** 23 June 2025 | ||
|
|
||
| By using the **European Environment for Scientific Software Installations (EESSI)**, you agree to the following terms: |
There was a problem hiding this comment.
| By using the **European Environment for Scientific Software Installations (EESSI)**, you agree to the following terms: | |
| By using the [**European Environment for Scientific Software Installations (EESSI)**](https://eessi.io), you agree to the following terms: |
docs/governance/terms_of_use.md
Outdated
| By using the **European Environment for Scientific Software Installations (EESSI)**, you agree to the following terms: | ||
|
|
||
| ## 1. Purpose | ||
| EESSI provides a shared scientific software stack for academic, research, and educational use. Access and usage are intended for non-commercial scientific computing. |
There was a problem hiding this comment.
We need to be careful with our wording here, I think...
As such, this doesn't forbid the use of EESSI for "commercial scientific computing" (whatever that may mean)
I guess as it is now, it's OK?
There was a problem hiding this comment.
Clarified phrasing: fb0e8e6
docs/governance/terms_of_use.md
Outdated
| Contributions are welcome and governed by the project’s contribution guidelines. By contributing, you agree your input may be publicly shared and reused under compatible open-source licenses. | ||
|
|
||
| ## 8. Contact | ||
| For support or inquiries, visit [https://eessi.github.io](https://eessi.github.io) or contact the maintainers via **[Insert Email or GitHub]**. |
There was a problem hiding this comment.
To fix, maybe just point to https://www.eessi.io/docs/support ?
docs/governance/policies.md
Outdated
| <!-- | ||
| # EESSI Policies | ||
| --> | ||
|
|
||
| <!-- | ||
| No policies have been defined (yet) ==> see draft based on the thoughts below | ||
| --> | ||
|
|
||
| <!-- | ||
| Should we have separate policies that Teams themselves can set? I.e. distinguish Project and Team policies, where project policies are set by the Steering Committee and Team policies by the respective Teams? Team policies could be ways to formalize concensus-based decisions. Clearly, if Team policies and Project policies contract, Project policy should come first. | ||
|
|
||
| EESSI Policies could be things like | ||
|
|
||
| - Should build for all architectures | ||
| - If something isn't available for an architecture, the end-user should be informed at runtime, e.g. through an error printed by a modulefile | ||
| - If something cannot be optimized for a micro-architecture, do we provide a less-optimized form (e.g. doesn't build for zen4 but does for zen3, so we provide zen3)? | ||
| - Something on the fact that we try to provide a full software Bill-of-Materials for all software we deploy? | ||
| - Acceptance of new software for the EESSI repository is "Yes, unless we can't" or "Yes, as long as it meets the Contribution Policy", i.e. we'll accept _anything_ that's reasonable? | ||
| - Rebuild policy: when do we rebuild? | ||
| - Removal policy: when do we remove? | ||
| - Something on optimization? | ||
| - Something on contributions _other_ than software for the EESSI repository (i.e. build logic, test suite, build bot). Should a requirement be that we can test it? Or is this too specific and should it be Team Policy? | ||
| - Include our current Contribution Policy? Or should that be separate? (it's maybe more a Team Policy?) https://www.eessi.io/docs/adding_software/contribution_policy/ | ||
| - For security-critical roles (we should define which roles are security critical!), we only adopt new people that we (i.e. at least one person in that Team) knows _personally_. | ||
| - Whenever technical choices need to be made between (optimizing for) HPC, Cloud, or a PC, we prioritize HPC usage (?). I.e. if we can choose between two implementations, and one would break usage on HPC, and another would break Cloud usage, and there is no implementation that works on both, we prioritize HPC? Or do we NOT make this explicit? Or: do we only make it explicit for _optimization_ related stuff (but not for 'it works' vs 'it does not work')? | ||
| --> |
mkdocs.yml
Outdated
| - Overview: governance/index.md | ||
| - Charter: governance/charter.md | ||
| - Governance: governance/governance.md | ||
| - EESSI Policies: governance/policies.md |
There was a problem hiding this comment.
| - EESSI Policies: governance/policies.md | |
| - Policies: governance/policies.md |
docs/governance/policies.md
Outdated
|
|
||
| There are currently no Team Policies yet. | ||
|
|
||
| _Last updated: 23 June 2025_ |
There was a problem hiding this comment.
I would replace this with a "Changlog" section, and mention on top when this page was last updated and point to the changelog for details?
tweaks to governance (sections 3-9), charter, policies
Co-authored-by: Kenneth Hoste <[email protected]>
… is meant to resolve
Co-authored-by: Kenneth Hoste <[email protected]>
Co-authored-by: Bob Dröge <[email protected]>
| ### 2.6 Ingestors | ||
| Ingestors are those individuals that have permissions to ingest a tarball into the EESSI CernVM-FS repository, i.e. they are essentially responsible for step 3 as it is described in the [Builders](#builders) Section. | ||
|
|
||
| Ingestors have merge permissions on the (private) `EESSI/staging` GitHub repository. | ||
|
|
||
| Ingestors should check the contents of the tarball as it is reported in the pull requests in the `EESSI/staging` repository. This essentially provides a second check (next to that done by Deployers) on the contents of the tarball. |
There was a problem hiding this comment.
I was just making a github team for a new staging repo, and was wondering which name you used for this role. While using it, I started wondering if it shouldn't be ingesters. According to an AI friend:
Both ingester and ingestor are correct and commonly used, though "ingester" is the more widely accepted and preferred term, according to Wiktionary. Both words refer to something that ingests, whether it's a person, an animal, or a machine. While "ingestor" is also a valid word, "ingester" is more frequently encountered in contemporary usage, particularly in technical contexts
| ### 2.6 Ingestors | |
| Ingestors are those individuals that have permissions to ingest a tarball into the EESSI CernVM-FS repository, i.e. they are essentially responsible for step 3 as it is described in the [Builders](#builders) Section. | |
| Ingestors have merge permissions on the (private) `EESSI/staging` GitHub repository. | |
| Ingestors should check the contents of the tarball as it is reported in the pull requests in the `EESSI/staging` repository. This essentially provides a second check (next to that done by Deployers) on the contents of the tarball. | |
| ### 2.6 Ingesters | |
| Ingesters are those individuals that have permissions to ingest a tarball into the EESSI CernVM-FS repository, i.e. they are essentially responsible for step 3 as it is described in the [Builders](#builders) Section. | |
| Ingesters have merge permissions on the (private) `EESSI/staging` GitHub repository. | |
| Ingesters should check the contents of the tarball as it is reported in the pull requests in the `EESSI/staging` repository. This essentially provides a second check (next to that done by Deployers) on the contents of the tarball. |
To be agreed on by the Steering Committee. I think the most practical is if we keep iterating / wait until every one of us has given an approving review