[Governance Review] Flatcar

[miao0miao]

Per discussion regarding Flatcar due diligence on the 19th April 20232 with @mauilion @nikhita I opened this governance review request.

Project Name: Flatcar

Github URL: https://github.com/flatcar/Flatcar
cncf/toc#991 (applying for incubation)

[geekygirldawn]

Hello, thank you for creating this issue to do a governance review for your project as part of the process to become a CNCF Incubating project!

After a quick review of your existing governance file, my general impression is that it's too minimal and is missing quite a few of the things we expect to see in in a GOVERNANCE.md file for a CNCF project at the incubating level.

Since you have a maintainer governance model now, I think your best bet would be to implement the CNCF governance by maintainer template before we do a full review of your governance, since most of what we would ask you to do can be found in the template. Here's what you'll need:

• how-to guide for using this template
• template for a maintainer governance model

If you have any questions at all, you can ask in the CNCF #tag-contributor-strategy Slack channel or drop into one of our meetings.

Please let me know when you've updated your governance and are ready for another review.

Good luck with your CNCF Incubating application! 🎉

[jberkus]

The How-to Guide is here: https://contribute.cncf.io/maintainers/templates/governance-maintainer/

[miao0miao]

Thank you for all the help and fast response. We are on it! I will share the new governance once we finalize it.

[miao0miao]

Hi all,
we changed our repo and adopted the CNCF CoC, we updated governance.md and added the following:

• CONTRIBUTING.md
• SECURITY.md
  Apologies for the long delay!
  Danielle

[t-lo]

Hello TAG Contributor Strategy,

Thanks again for your help and for the valuable pointers you've provided. The Maintainer governance model indeed best reflects our processes.
Also, we're very sorry for the long silence and will be more responsive in the future.

We've made the following changes to our main repository:

• Adapted the CNCF maintainer governance structure to our governance.md and defined the level of contributions at which maintainership can be gained. This is aligned with actual levels of contribution displayed by contributors who became maintainers.
• Switched to the CNCF Code of Conduct. This includes replacing our previous CoC with a reference to the CNCF one in CODE_OF_CONDUCT.md as well as updating documents that mention the CoC. Please let us know whether this works for you or if you'd prefer us to put a plain copy of the CoC into our repo instead of referencing the original.
• We updated and significantly extended our contribution guidelines in CONTRIBUTING.md based on CNCF recommendations.
• We elaborated on our security processes and added a brief discussion of the tasks and duties expected from security team members to SECURITY.md
• Lastly, we polished our README.md landing page to accurately reflect the new content.

Huge pardon again for the delay. It would be awesome if a TAG member could have another look.

[jberkus]

Flatcar folks:

This looks good. TAG-Security should comment on your security files.

So, +1 from TAG-CS Governance WG.

Minor nit: Mishi Chowdry is no longer with the CNCF, CoC reports should escalate to [email protected]. I'm checking now to see if Mishi is still in our templates anywhere.

[t-lo]

Minor nit: Mishi Chowdry is no longer with the CNCF, CoC reports should escalate to [email protected]. I'm checking now to see if Mishi is still in our templates anywhere.

Fixed, thank you for the review!

We're working with TAG security on a security review and we'll make sure SECURITY.md is vetted accordingly in the process. Thanks again for reviewing, much appreciated!

[jberkus]

Please give us a link to the due dilligence, so that we can link the review from there.

[t-lo]

[done on slack ☝️ ]

[aliok]

/assign

I am going to fill the governance review template (TODO: link) and provide a governance review report.

In the mean time, I will also "test" how well the template works.

[aliok]

@t-lo I can't find the link to the due dilligence on public #tag-contributor-strategy Slack channel.
Can you share it there please?

(based on my assumption it is not a private document at this stage of the application)

[t-lo]

@aliok Followed up on Slack. I'll take a TODO to clarify on the public / private status of the doc to reduce friction in future engagements.

[t-lo]

@jberkus We've briefly touched on a social media announcement when Flatcar officially passes Governance review - please feel free to tag @flatcar on twitter and @[email protected] on Mastodon in that announcement so we can retweet.

[t-lo]

(Just to not leave any loose ends; we shared the doc with Ali on Slack)

[jberkus]

@t-lo TAG-Contributor Strategy doesn't do those kinds of announcements; I'm not sure what gave you the impression that we did.

[t-lo]

@jberkus sorry for that, I might have misunderstood that part in the TAG meeting and drew the wrong conclusions. Please pardon the confusion.