brew/docs/Homebrew-Governance.md
Issy Long 88dd349fd3 Homebrew-Governance: Our 501(c)3 is empty
- [The Open Collective Foundation is dissolving](https://opencollective.com/foundation/updates/announcement-we-are-dissolving-open-collective-foundation-at-the-end-of-this-year).
- So we spent the money that we had in the 501(c)3 that it was holding.
- Tell people to submit future expenses to the 501(c)6.
2024-06-17 13:56:10 +01:00

Homebrew Governance

1. Definitions

  • The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
  • PLC: Project Leadership Committee
  • TSC: Technical Steering Committee
  • AGM: Annual General Meeting
  • An ordinary resolution requires a majority of the votes cast.
  • A special resolution requires a two-thirds supermajority of the votes cast.
  • Primary repositories: the three highest-traffic, security-critical repositories in the Homebrew project:

2. Members

  1. New members (unless nominated as maintainers, see below) will be admitted by an ordinary resolution of the PLC and added to the Homebrew organisation on GitHub.

  2. Members are expected to remain active within Homebrew. Members who are not active maintainers or active committee members must affirm their continued interest in Homebrew membership annually by voting on annual measures, even if only to abstain. Inactive, non-affirmed, non-voting members will be removed within 14 days after the annual meeting unless excused by the PLC.

  3. A member may be removed from Homebrew by an ordinary resolution of the PLC. A removed member may be reinstated by the usual admission process.

  4. All members will follow the Homebrew Code of Conduct. Changes to the code of conduct must be approved by the PLC.

  5. Members should abstain from voting when they have a conflict of interest not shared by other members. No one may be compelled to abstain from voting.

3. General Meetings of Members

  1. A general meeting of the members may be called by either an ordinary resolution of the PLC or a majority of the entire membership. The membership must be given at least three weeks' notice of a general meeting. The Annual General Meeting should be conducted in person and may provide online video conferencing for those unable to attend. Other general meetings should be an online video conference.

  2. The quorum to vote on resolutions and elections at a general meeting is 3 voting members or 10% of the voting members, whichever is greater. A general meeting with no business except voting should be asynchronous. Otherwise, it must be a synchronous online video conference. The voting will occur using an online voting system chosen by the PLC. The voting period closes after one week or after the outcome of the vote would not be changed by any subsequent votes. If a synchronous meeting is happening, the meeting must occur before the votes can be tallied.

  3. Homebrew members will meet at the annual general meeting (AGM) in a manner determined by the PLC.

  4. Elections will be held at the AGM.

  5. The PLC will announce candidates and proposals three weeks prior to the election date.

  6. Members should cast their vote any time up to three weeks prior to the election date.

3.1. Amendments to these bylaws

  1. These bylaws must only be amended by a special resolution at a general meeting of the members.

  2. Any member may propose an amendment via pull request on GitHub against this document. Proposed amendments may be merged for consideration in aggregate with other amendments once more than half of the PLC has approved the pull request.

  3. Members must vote on any amendments. All votes will be tallied. Voting will open for three weeks once one or more amendment proposals are accepted unless the AGM is within one month, in which case the proposed amendments will be voted on at the same time as elections.

  4. Any approved amendments will take effect three weeks after the close of voting.

4. Project Leadership Committee

  1. The financial administration of Homebrew, organisation of the AGM, enforcement of the code of conduct and removal of members are performed by the PLC. The PLC will represent Homebrew in all dealings with Open Collective.

  2. The PLC consists of five members, one of whom is the Project Leader. The other committee members are elected by Homebrew members in a Meek Single Transferable Vote election using the Droop quota. Each PLC member will serve a term of two years or until the member's successor is elected. The maximum number of consecutive terms a (non-PL) PLC member can serve is two, even if this means they have no successor. Any sudden vacancy in the PLC will be filled by the usual procedure for electing PLC members at the next general meeting, typically the next AGM.

  3. When a PLC seat is up for election or is vacant, any member may become a candidate for the PLC by providing a brief statement in the #members channel in Homebrew's Slack, expressing relevant experience and intentions if elected, no later than three weeks before the AGM. The PLC will maintain the candidate list until ballots are sent out one week before the AGM, during which time members should cast their votes. Candidates should deliver remarks in writing or verbally before or during the AGM, but votes already cast are not changeable. The current PLC should vote on and publish a statement recommending their preferred candidates within the three-week period between the candidate deadline and the AGM.

  4. The PLC must report all minutes, participants in discussions and breakdowns of any votes cast to Homebrew members in the Homebrew/homebrew-governance-private GitHub repository no later than one week after the action has been taken. At the AGM, the PLC must present a summary of their activities and decisions since the last AGM. Financial statements can be viewed by anyone on the internet on Homebrew's OpenCollective.

  5. No more than two employees of the same employer may serve on the PLC.

  6. A member of the PLC must only be removed from the PLC by a special resolution of the membership.

  7. All members of the PLC will be "billing managers" and "moderators" of the GitHub organisation and any related resources (e.g. Slack, 1Password where possible).

  8. One member of the PLC other than the PL will have an Owner role in the GitHub organization and any related resources. The PLC will choose this person, with preference given to any PLC members who are current Homebrew maintainers. If no PLC members are Homebrew maintainers, any PLC member qualifies for the Owner role.

5. Meetings of the Project Leadership Committee

  1. All members of the PLC must meet by synchronous video call or in person at least once per year. This meeting should be in person at the AGM with at least two months' notice.

  2. The quorum to vote on resolutions of the PLC is a majority of its members. In an electronic vote, a voting period of one week replaces the quorum requirement. Any approved resolution will take effect immediately.

  3. A majority of the entire membership of the PLC is required to pass an ordinary resolution.

  4. The PLC will annually review the status of all members and remove members who did not vote in the AGM and then did not re-affirm a commitment to Homebrew. Voting in the AGM confirms that a member wishes to remain active with the project. After the AGM, the PLC will ask the members who did not vote whether they wish to remain active with the project. The PLC removes any members who don't respond to this second request after three weeks.

  5. The PLC will appoint the members of the TSC.

  6. Any member may refer any financial questions, AGM questions or code of conduct violations to the PLC. All technical matters must instead be referred to the Project Leader and technical disputes to the TSC. Members will make a good faith effort to resolve any disputes with compromise prior to referral to the PLC, Project Leader or TSC.

6. Project Leader

  1. The Project Leader will represent Homebrew publicly, manage all day-to-day technical decisions, and resolve disputes related to the operation of Homebrew between maintainers, members, other contributors, and users.

  2. The Project Leader will be elected every two years by Homebrew members in a Schulze Condorcet method (aka 'beatpath') election. The PLC will nominate at least one candidate for Project Leader. Any member may nominate a candidate, or self-nominate. Nominations must be announced to the membership three weeks before the AGM.

  3. Any vacancy of the Project Leader will be filled by appointment of the PLC.

  4. A technical decision of the Project Leader may be overruled by an ordinary resolution of the TSC.

  5. A non-technical decision of the Project Leader may be overruled by an ordinary resolution of the PLC.

  6. The Project Leader must only be removed from the position by a special resolution of the membership.

  7. The Project Leader must be included in all PLC communications with or about Open Collective and in all communications related to joint responsibilities.

  8. The Project Leader must be a maintainer, not just a member.

  9. The Project Leader will be an "Owner" of the GitHub organization, Slack, 1Password and any related resources.

7. Technical Steering Committee

  1. The TSC has the authority to decide on any technical disputes between any maintainer and the Project Leader. Disputes not involving the Project Leader must be addressed through the Project Leader.

  2. The PL is one member of the TSC. The PLC will appoint between three and five maintainers to be members of the TSC. PLC members should not be any of these appointees. Appointed TSC members will serve a term of one year or until the member's successor is appointed.

  3. Any member may refer any technical question or dispute to the TSC. Members will make a good faith effort to resolve any disputes with compromise prior to referral to the TSC.

  4. No more than two employees of the same employer may serve on the TSC.

  5. A member of the TSC, except the Project Leader, must only be removed from the TSC by an ordinary resolution of the PLC.

  6. All members of the TSC will be "moderators" of the GitHub organisation.

  7. One member of the TSC (not the PL) will be an "Owner" of the GitHub organisation, Slack, 1Password and any related resources.

8. Maintainers

  1. All maintainers are automatically members. Some, not all, members are maintainers.

  2. Maintainers are members with commit/write-access to at least one primary repository.

  3. New maintainers can be nominated by any existing maintainer. To become a maintainer, a nomination requires approval from one of the PL or any member of the TSC with no opposition from any of these people within a 24-hour period, excluding 19:00 UTC on Friday until 19:00 UTC on the following Monday. If there is opposition, the TSC must vote on the nomination in the #tsc private Slack channel, with the vote closing after one week or after the outcome of the vote would not be changed by any subsequent votes (such as when a majority of the TSC has voted in favour or against). The nomination will succeed by a simple majority vote of the votes cast.

  4. In accordance with Homebrew's organisational security posture, which requires operating under the principle of least privilege, the PL will review maintainers' write/commit access no later than six weeks before the AGM. The PL will remove maintainer privileges from those who have not consistently met these criteria:

  • having more contributions to primary repositories than the majority of non-maintainer contributors in at least one of these repositories
  • reviewing and merging of PRs of other maintainers and contributors in primary repositories
    • the PL will exclude from consideration non-essential pull requests submitted and merged by the same person
  • reviewing any direct GitHub review requests or GitHub reviews for any sub-teams they are part of (e.g. Homebrew/linux) in any repository in the Homebrew organisation
  • responding to direct mentions on GitHub and direct mentions in Slack from the PL and other maintainers
  • maintaining a positive working relationship with the PL and other maintainers
  • engaging actively to resolve conflict with the PL or other maintainers, with a neutral intermediary upon request

Maintainers who do not fulfil these requirements will be removed as maintainers but may remain members if they wish.

The PL will not consider the following activities because they do not require commit or write access on security-critical repositories:

  • contributions to the wider Homebrew organisation, repositories excluding the main, security-critical repositories, or the greater Homebrew ecosystem
  • contributions in previous years as a maintainer or contributor
  • contributions to the governance documents, the PLC, GSoC, MLH, social media, Homebrew's discussion forum, etc.

If a maintainer wishes to appeal their removal, they may request a TSC review of the decision. This appeal must be lodged within 72 hours of removal. The appellant will confirm their intent to address any unfulfilled criteria which caused the removal. The TSC will review the decision within one week. A member of the TSC, who is not the PL, will respond immediately upon upholding or reversing the decision. The PL will restore access as soon as is feasible if the TSC votes to reverse the removal. If the TSC or PL feels that the maintainer has not made sufficient progress on the criteria for any reversed removal, they may request a second TSC review no sooner than 30 days after the initial reversal. The TSC or PL may request a review in the event of a noticeable lack of communication, inactivity or unresponsiveness. The TSC will consider appeals no more than once per quarter per maintainer until the next AGM. The TSC will not consider any maintainer removal review until three months after the 2023 AGM.

In emergency situations, including but not limited to malicious commits, suspicious activity, abuse of resources, or any action or activity that could harm the security posture of the Homebrew codebase, systems, or organisation, the PL or anyone with the capability to remove privileges should remove any or all of a maintainer's access rights (e.g. to GitHub, Slack, 1Password, etc.). Upon doing so, they must inform the PLC and the TSC. The PLC will discuss the situation. The TSC will review the removal of any maintainer removed under this clause within two weeks and instruct the PL to restore the maintainer's privileges only if the situation is resolved. This is considered to be the maintainer removal appeal process, as mentioned above. The TSC will document the situation in an incident report to be shared with members and recommend changes to security settings, maintainer policy, this governance document or any additional measures required to prevent the situation from occurring again.