Hi,
As a member I had some difficulty locating this discussion of policy.
Can you please link to it? There are a number of items detailed in this
policy that I believe will enhance the security of the Apache NiFi
community. Some of these are very similar to policies that have been
discussed by other projects in the foundation. Points 1-4 I believe are
positive steps to ensure infrequently used credentials are prevented
from write accessing the repository. I have not seen policies that auto
move committers to emeritus and require re-nomination so I'd be looking
for some prior art there to review or at least some more on list
discussion around this. I expect more PMC will be adopting these kinds
of policy and I think it's important that projects that adopt these
policy are transparent with the rationale with the community.
Sincerely,
Bob Paulin
On 8/5/2025 5:32 AM, Pierre Villard wrote:
I'm supportive of this new policy and I think we should have a similar
approach for the PMC.
Just to add some colors to the discussion, as of today we have 30
committers that are not part of the PMC. If we were to apply this
policy with the specified threshold and qualifying activities, I
_think_ this would concern:
- Andy I.C.
- Ádám Markovics
- Dániel Bakai
- Ben Qiu
- Bryan Rosander
- Denes Arvay
- Ed Berezitsky
- Kotaro Terada
- Mike Hogue
- Margot Tien
- Ricky Saltzer
- Toivo Adams
- Sivaprasanna Sethuraman
Thanks,
Pierre
Le mar. 5 août 2025 à 03:34, David Handermann
<[email protected]> a écrit :
Team,
After some positive feedback among the Project Management Committee, I
propose the following policy for additional discussion on the subject
of inactive committer status.
This policy would apply to committers, not to PMC members. Discussing
inactive PMC membership is also worthwhile, but should be considered
separately.
---
1. Committers become inactive after a period of 1 year without any
qualifying activity
2. Qualifying activities consist of the following publicly observable
contributions:
A. Submitting a pull request to any project repository
B. Reviewing a pull request in any project repository
C. Submitting an issue to a project issue tracking system
D. Commenting on an issue in a project issue tracking system
E. Sending a message to any public project mailing list
3. An authorized PMC member revokes access for an inactive committer
and sends a message to the developer mailing list announcing inactive
status with links indicating lack of activity
4. Within 1 year of becoming inactive, committers may email the PMC,
requesting return to active status, and an authorized PMC member will
restore access as requested
5. Committers become emeritus after a period of 1 year following
inactive status, which is 2 years without any qualifying activity
6. Committers with emeritus status require renomination and PMC vote to
return to active status
---
The purpose of this policy is to provide clear boundaries of time and
qualifying activities required to retain committer access to project
repositories. The move from inactive to emeritus status is a means to
recognize both the value of contributions and the reality of changes
in availability.
Based on feedback and subject to adjustments, I would like to move to
a vote on this policy soon.
Regards,
David Handermann
