Kubernetes and kubernetes-sigs org membership should be equivalent #966
Comments
|
This is residue leftover from kubernetes-incubator not having as high of a bar for admission. I am unclear on whether the other orgs were in a similar situation. I'd rather we explicitly reconcile that, and then say, excluding kubernetes-incubator, membership in one is criteria enough for membership in all. |
|
@spiffxp -- what would be the concrete action items to determine our bar and reconcile admission? |
|
At minimum perhaps joining / being sponsored into github.com/kubernetes should imply membership into github.com/kubernetes-sigs if the bar is in fact somehow "lower"? |
|
@justaugustus to me, reconcile means:
we can then treat kubernetes org as the source of truth, add to it by default regardless of what other orgs are requested, and consider trying to mirror org membership across orgs (ref: https://github.com/kubernetes/test-infra/issues/13107) |
|
@nzoueidi -- Is this something you'd be able to work on? |
|
yep, thank you @justaugustus for pinging me. /assign |
|
Before we get started on actual reconciling work, we need consensus on the plan. I'm not entirely convinced that @spiffxp's plan is all we need to take care of.
I'm not saying we necessarily need to untangle all of that, but we do need to discuss and address "if we care" about those things. I guess maybe a good first start is identifying how many users are we talking about.. how many users do we have that are in one of the subsidiary orgs (-incubator, -client, -sigs, -csi), but not in the primary org. |
|
Agree that we need consensus 🙃 Regarding these specific points:
Which security perspective, exactly? Are we just talking about org membership here or rights beyond that like being a repo admin or OWNER? I don't think this issue has anything to do with the extended permissions or OWNERS, and the former (merely being an org member) is not really a viable "security" bar... Again not sure if you meant this, but we should deal with those extended permissions, just not here, that's a bit orthogonal.
I'm unable to parse what the issue is here. Can you elaborate please? |
|
Man, I didn't do a great job explaining what I meant in that last comment haha.
So my thought was, we shouldn't grant new permissions to inactive folks. I don't want to auto or mass invite someone from k-sigs to k/ if they're inactive, or vice versa. Culling inactive folks prevents this.
Okay, so Alice, Bob, and Charlie:
This is more a mental exercise than a major concern (knowing that the bar is pretty low to get in), but I just want to flush out all these angles before we set a policy. |
|
Ah I understand now, thanks! Culling inactive members makes sense in that context. For "Alice, Bob, and Charlie" one of the suggestions above was to replicate from the main org out, in which case I don't think any of those concerns apply. I currently think only joining github.com/kubernetes should imply membership / invites for other orgs (namely github.com/kubernetes-sigs) and require some sponsorship. The other orgs are sort of special cases as far as I know, and anyone wanting to be in kubernetes + kubernetes-sigs should apply to be a project member / kubernetes -> both. In that case:
They can invite people to kubernetes-sigs maybe (if we do think we need a lower bar and seperate process there?), but no short cutting the normal membership progress for Kubernetes (the main org). If they get sponsored to join Kubernetes they should also be invited to whatever other orgs we are actively encouraging new projects to exist in (including kubernetes-sigs). WDYT? I think that's pretty simple and solves the standard case of "I'd like to join the project to work on <things> and I have <appropriate sponsors and existing work>." => get invited to our active orgs at once instead of applying once per org. We can encourage new members to follow this route. It might be reasonable to treat Kubernetes as the one with a "higher bar" during the switch, but for future membership this seems pointless. I'm not super convinced we need a lower bar for joining any of the orgs going forward. I think that just complicates things and I'm not sure why it would be valid. E.G.
If subproject A is a valuable SIG project I don't see why Bob wouldn't be eligible to be a Kubernetes member, as long as they have appropriate sponsors and follow the process. Do we have a requirement that you need to work on N projects or certain "better" projects? |
|
@BenTheElder -- I think the implication @cblecker was trying to make was that because Bob's membership was not vetted/sponsored that the chain of people he may sponsor afterwards could be considered "tainted". |
|
@justaugustus I don't think bob's status is in question if we are having people join Kubernetes, sponsored by Kubernetes org members (and additionally gaining kubernetes-sigs invites) -- bob never was and still won't be eligible to sponsor for github.com/kubernetes and we don't need to propogate membership in the reverse direction. We can just suggest that people who aren't in Kubernetes yet should apply through the existing process. I'm not sure why a lower bar needs to exist, the current bar for github.com/kubernetes seems relatively low... Interested in counterpoints :-) |
It doesn't need to exist. But if we are going to explicitly say "It doesn't exist" then as I said, we just need to tackle all the angles. Will review again tomorrow when my brain works better lol |
|
(Also, fuzzy-brained on this :/) |
|
Just to provide some data, here is a spreadsheet of the current membership data (as of 2019-07-16 6pm ET) across orgs. https://docs.google.com/spreadsheets/d/1crsIfA-PhjKYDiX4klsX4zhtL1XU2MVG5JPso2I27Vc/edit#gid=0 Some interesting observations:
For reference - I used a terrible yq/jq command to generate the raw column data 😬 |
|
/priority important-soon |
k8s-ci-robot
added
the
priority/important-soon
spiffxp
added
the
sig/contributor-experience
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
|
/milestone v1.23 |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
Another example of the friction this introduces kubernetes/test-infra#24814 (comment) |
|
I still think we should just make these equivalent and automatically add users to both organizations. Projects are semi-arbitrarily in one org or the other as a matter of history and working on many things involves code spanning both orgs. |
|
They are equiv now, but nothing automatic for adding users. |
Membership across orgs is now equivilant. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966
Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966
Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966
Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966
|
@mrbobbytables Just checked I am not a member of kubernetes but kubernetes-sigs per this comment I should have been auto-added:
|
|
@zvonkok we are not doing any automatic syncing the orgs. The policy is changed so that you are no longer applying to a specific org, you are applying to be a member of the project . If you are a member of one org you can join the others without sponsors or going through further due-diligence. E.g. if you're currently a member of kubernetes-sigs and want to be a member of kubernetes, you can open a PR adding yourself (following our commit msg structure) or fill out a form requesting it and it'll be processed in the next batch. |
|
Changes have been merged into our membership guidelines: EDIT: accidentally hit the button too soon. With the changes merged, I'm going to go ahead and close out this issue. 👍 /close |
|
Should we do a one time catchup sync? |
Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966
Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966 Signed-off-by: cpanato <[email protected]>
Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966 Signed-off-by: cpanato <[email protected]>
* Update github org membership requirements Membership across orgs is now equivalent. When joining a Kubernetes GitHub Org, you are now joining the Kubernetes project and have implicit membership in the other active orgs. ref: kubernetes/org#966 Signed-off-by: cpanato <[email protected]> * rename CONTRIBUTORS to CONTRIBUTING Signed-off-by: cpanato <[email protected]> * small update in the readme Signed-off-by: cpanato <[email protected]> * add initial community membership document Signed-off-by: cpanato <[email protected]> * update Dan and Bob company affiliations Signed-off-by: cpanato <[email protected]> * update readme Signed-off-by: cpanato <[email protected]> Co-authored-by: Bob Killen <[email protected]>
We currently state policy that membership in the
kubernetesorg, makes you implicitly eligible for membership to our other non-private orgs, includingkubernetes-sigs.To quote @BenTheElder:
I think that membership at least to those two orgs should be equivalent.
WDYT, @kubernetes/owners?
ref: https://kubernetes.slack.com/archives/C1TU9EB9S/p1561131100303800
The text was updated successfully, but these errors were encountered: