Open Stack

Excerpts from Dave Walker's message of 2016-09-21 22:53:10 +0100:
> On 21 September 2016 at 22:41, Kyle Mestery <mestery at mestery.com> wrote:
> 
> > On Wed, Sep 21, 2016 at 3:35 PM, Thierry Carrez <thierry at openstack.org>
> > wrote:
> > > Chivers, Doug wrote:
> > >> My concern is with the original wording “The suggested way forward
> > there would be to remove the "Security project team"”.
> > >>
> > >> This seems like a move to instantly reduce investment in OpenStack
> > security, because the majority of members of the Security Project are
> > corporately funded, which will be significantly impacted by the removal of
> > the security project. I have no knowledge over the difference between a
> > working group and a project, like everyone else on the project we are
> > simply here to contribute to OpenStack security, drive innovation in
> > security, deliver documentation like OSSNs, etc, rather than get involved
> > in the politics of OpenStack.
> > >>
> > >> In response to the various questions of why no-one from our project
> > noticed that we didn’t have a nomination for the PTL, we assumed that was
> > taken care of. Realistically maybe two or three people on the security
> > project have the availability to be PTL, one being our current PTL, for all
> > the rest of us its simply not a concern until we need to vote.
> > >>
> > >> On a personal note, reading –dev is unfortunately a lower priority than
> > designing architectures, responding to customers and sales teams, closing
> > tickets, writing decks and on the afternoon or so I can spend each week,
> > working on my upstream projects (this week it was:
> > https://review.openstack.org/#/c/357978/5 - thanks to the Barbican team
> > for all their work). Possibly this is wrong, but I didn’t sign up as a
> > contributor to spend all my spare time reading mailing lists.
> > >
> > > So while I still think there is a slight disconnect (like, members of
> > > the security team are less often involved in other teams) that results
> > > in the Security team being more likely to miss the very few process
> > > deadlines that apply to them, I'm not convinced it justifies removing
> > > the "official" status of the team and make it a workgroup.
> > >
> > > I privately received information that explains why the PTL was not on
> > > top of things during election weeks. With ~60 teams around there will
> > > always be one or two that miss and that we must check on. It /always/ is
> > > symptomatic of /some/ disconnect. But here I'm not sure it passes the
> > > bar of "non-alignment with the community" that would make the Security
> > > team unfit to be an official OpenStack team...
> > >
> > I agree, and in times like this, it's best to use common sense rather
> > than trying to have a rule to fit everything into. In this case, Rob
> > and the security team have put forth an explanation of what happened,
> > I fail to see how removing them after this does anything other than
> > foster bad will. I would vote to keep the security team around at this
> > point.
> >
> >
> I feel bad quoting policy here... but we do have prior art for this... If
> we look at resolution, "2014-11-28 Process for Leaderless Programs"[0], we
> have policy for *exactly* this situation.. which should probably have been
> the first action rather than considering a new resolution.
> 
> For reference:
> 
>    1. Programs without a minimum of one eligible candidate are identified
>    to the Technical Committee by the Election Officials, as soon as possible
>    after the nomination period has expired.
>    2. The Technical Committee can appoint a leader to any programs in this
>    situation, by mutual agreement of the Technical Committee and the proposed
>    appointee.
>    3. The appointed leader has all the same obligations and
>    responsibilities as a self-nominated elected Program Technical Lead.
> 
> [0]
> http://governance.openstack.org/resolutions/20141128-elections-process-for-leaderless-programs.html
> 

That process is one possible outcome. It is meant for extreme
circumstances, but not as a failsafe to allow teams to bypass the
normal participation in elections.  It was started with the UX team,
where there was a clear candidate.  For the teams where no one
replied to queries before the TC meeting this week, we had no
candidates to appoint.  This and other threads on the topic have
produced candidates and, assuming they signal their intent to serve
clearly, we can move ahead.

Doug