Notice: While Javascript is not essential for this website, your interaction with the content will be limited. Please turn Javascript on for the full experience.

PEP 8002 -- Open Source Governance Survey

PEP:8002
Title:Open Source Governance Survey
Author:Barry Warsaw <barry at python.org>, Ɓukasz Langa <lukasz at python.org>, Antoine Pitrou <solipsis at pitrou.net>, Doug Hellmann <doug at doughellmann.com>, Carol Willing <willingc at gmail.com>
Status:Active
Type:Informational
Created:2018-08-24

Abstract

This PEP surveys existing and similar open source and free software projects for their governance models, providing summaries that will serve as useful references for Python's own selection of a new governance model in the wake of Guido's retirement.

Rather than an individual PEP for each of these community surveys, they will all be collected here in this PEP.

Rationale

CPython is not the first open source project to undergo a governance crisis. Other projects have experimented various governance options, sometimes several times during their existence. There are useful lessons to take away of their experience, which will help inform our own decision.

Project choice

There are many open source projects out there, but it will be most fruitful to survey those which are similar enough to CPython on a couple key metrics:

  1. the number of contributors and their activity (there are scaling issues that don't make the governance models of very small projects very enlightening for our purposes) ;
  2. being mostly or partly community-driven (company-driven projects can afford different governance options, since the company hierarchy has power over the main participants) ;
  3. being faced with important design decisions that require a somewhat formal decision process.

Rust

The governance structure is documented in Rust RFC #1068.

The effective governance process grows organically over time without being entirely codified as RFCs, especially in case of day-to-day operation details. One example is the formation of Domain Working Groups in February 2018.

Key people and their functions

In the Rust project there are teams responsible for certain areas. For language features there is a "lang team", for tooling there's "dev tools" and "Cargo", and so on. Contentious issues have facilitators to drive discussion who often aren't the decision makers. Typically the faciliators are authors of the proposed changes (see "Controversial decision process" below). They ensure all key decision makers are involved along with interested community members. They push towards an agreeable outcome via iteration.

In practice this means decisions are rarely escalated to the core team.

The most common role of a contributor is team membership. Issue triage/code review privileges without team membership is rare. Contributors have full commit access, code ownership separation is based on trust. Writing to the compiler repository is frowned upon, all changes go through pull requests and get merged by an integration bot after they were reviewed and approved.

New team members are added by nomination by an existing team member.

Regular decision process

Primary work happens via GitHub issues and pull requests. Approving a pull request by any team member allows it to be merged without further process. All merged pull requests end up in the next stable version of Rust.

Notifying relevant people by mentions is important. Listening to the firehose of e-mails for all GitHub activity is not popular.

There are planning and triage meetings open to the public happening on IRC and Discord. They are not very popular because most of work happens through GitHub. Discussions also happen on official Rust forums (https://users.rust-lang.org/ and https://internals.rust-lang.org/). There is a dedicated moderation team responsible for taking notes and enforcing code of conduct.

Controversial decision process

Larger or controversial work goes through a RFC process. It allows everyone to express their thoughts and iterates towards a resolution. At some point when all blocking concerns of relevant team members are addressed, they sign off on the RFC and it reaches a "final comment period". That does not require consensus amongst all participants, rather there should not be a strong consensus against the proposal.

After 10 days the RFC is merged unless any new blocking concerns are raised by team members. A "merge" signifies that work towards implementing the feature and integrating it can now happen without interruption. An RFC doesn't have to have a reference implementation for it to be accepted.

The other possible results of the "final comment period" are to:

  • postpone the RFC (similar to the Deferred status in PEPs),
  • get it back into discussion if blocking concerns can be addressed, or
  • close it if blocking concerns are not solvable. When an RFC is marked as closed, there is a 7 day grace period to debate whether it should be closed.

In practice registering concerns with an RFC happens very often initially but rarely causes for the RFC to be entirely killed.

This process scales well for small-contention changes and/or smaller changes. For the largest controversial changes the discussion gets unwieldy. This is a topic currently (as of August 2018) on the minds of the Rust team (see: "Listening and Trust, part 1", "Listening and Trust, part 2", "Listening and Trust, part 3", "Proposal for a staged RFC process").

Planning a new release

Every six weeks the Rust compiler is released with whatever it contained at the time. There are no LTS channels or releases yet but this concept is planned to make redistributors able to keep up with development better.

Every few years a so-called "Edition" is released. Those are milestone releases with full sets of updated documentation and tooling. They can be backwards incompatible with previous editions. External packages opt into breaking changes in their crate metadata. The Rust compiler supports all editions that existed prior to its release. Linking between crates of any supported edition is possible.

Changes in the process over time

The Rust programming language was started by Graydon Hoare who developed it as a personal project for a few years. When Mozilla started sponsoring the project, the team slowly grew with Graydon as a BDFL-style figure. He left the project in 2013. Rust functions without a BDFL since. The RFC process was put in place later. Initially some design discussions happened during closed-door weekly video meetings which was shut down in May 2015 (before the 1.0 release of Rust), organically replaced with open discussion and direct influence of teams.

The number of teams is growing in time. The number of technical decisions made by the core team is decreasing, instead those get delegated to respective teams.

The concept of a "final comment period" was introduced to encourage more public discussion and enable reacting to a change about to being made, instead of having to revert a rushed decision that was already made.

OpenStack

The OpenStack Foundation Bylaws lay out the basic structure for project governance, with Article IV delegating day-to-day management of the open source project to the OpenStack Technical Committee (TC), and The TC member policy defining broadly how the Technical Committee shall be elected. The TC publishes a set of more detailed governance documents, including the TC charter, which describes the team structure, precise rules for establishing eligibility to run for office, and criteria for establishing the various electorates.

Key people and their functions

The OpenStack community is made up of many distinct project teams, responsible for producing different components of the software (block storage management, compute management, etc.) or managing different parts of the processes the community follows (such as tracking the release schedule). Each team is led by a Project Team Lead (PTL), elected by the Active Project Contributors for that project.

Active Project Contributors (APCs) are recent contributors to a given project team. APC status formally requires two things: becoming an individual member of the OpenStack Foundation (membership is free) and having a change merged within the last year (two development cycles) in a repository managed by a project team.

The elected PTL serves a term equal to one development cycle (roughly 6 months). There is no restriction on the number of consecutive terms a person may serve as PTL, and it is common for someone to serve for several terms in a row. It is also not unusual for a team to have only one candidate volunteer to serve as PTL for a given cycle, in which case there is no need for an election.

The PTL represents the team in all cases except where they have explicitly delegated some responsibility. For example, many teams designate a separate release liaison to manage the release process for a development cycle. The PTL also serves as a final decision maker in cases where consensus cannot be reached between the team members.

While the APCs all vote for the PTL of a team, in many other cases only the core reviewer team will be consulted on policy decisions for the team. Anyone may review any patch for any OpenStack project. After someone demonstrates that they have a good grasp of the technical issues of a project, that they provide useful feedback on reviews, and that they understand the direction the project is going, they may be invited to become a member of the core review team. Unlike in many other communities, this status does not grant them the right to submit code without having it reviewed. Rather, it asks them to commit to reviewing code written by other contributors, and to participate in team decision-making discussions. Asking someone to become a member of the core review team is a strong indication of trust.

The Technical Committee (TC) is responsible for managing the development of OpenStack as a whole. The 13 members of the Technical Committee are directly elected by APCs from all project teams. Each member serves a term of two development cycles (roughly 1 year), with the elections split so that only about half of the members' terms expire at any time, to ensure continuity. The TC establishes overall policies, such as the criteria for adding new project teams, the deprecation policy for Python 2, testing requirements, etc.

Regular decision process

All elections for PTL or TC members use https://civs.cs.cornell.edu to run a Condorcet election. This system was selected because it emphasizes consensus candidates over strict popularity.

The OpenStack contributor community relies on 3 primary tools for discussion: the openstack-dev mailing list, a gerrit code review instance at https://review.openstack.org, and a set of OpenStack-specific IRC channels on Freenode. There are a few teams whose contributors are based primarily in China, and they have trouble accessing IRC. Those teams tend to use alternative platforms such as WeChat, instead.

The tool used for discussing any given decision will vary based on its weight and impact. Everyone is encouraged to use either the mailing list or gerrit to support asynchronous discussion across a wider range of timezones and and firewalls, especially for publicizing final decisions for the rest of the community.

Policy decisions limited to a single team are usually made by the core review team for a project, and the policies and decision processes may vary between teams. Some groups write down their team policies in their documentation repository, and use the code review tool (gerrit) to vote on them. Some teams discuss policies on IRC, either ad hoc or during a regularly scheduled meeting, and make decisions there. Some teams use the mailing list for those discussions. The PTL for the team is responsible for ensuring the discussion is managed and the outcome is communicated (either by doing so directly or ensuring that the task is delegated to someone else).

All team policy decisions need to be compatible with the overall policies set by the Technical Committee. Because the TC tends to make broader governance decisions that apply to the entire contributor community, the process for discussing and voting on those decisions is described more formally, including specifying the number of votes needed to pass and the minimum length of time required for discussion. For example, most motions require 1/3 of the members (5) to pass and must stay open at least 3 days after receiving sufficient votes to pass, ensuring that there is time for dissent to be registered. See the Technical Committee Charter and house rules for more details.

Significant design decisions are usually discussed by reviewing a specification document, somewhat similar to a PEP, that covers the requirements, alternatives, and implementation details. Feedback is solicited from all contributors, and then specifications are eventually approved or rejected by members of the core review team for a project. Some teams require only 2 reviewers to approve a design, while other teams require a stronger indication of consensus before a design is approved. Each team sets a deadline for approving specifications within each development cycle, to encourage contributors to work out designs for significant new features early and avoid risk from changes late in the cycle.

Smaller technical decisions are typically made by reviewing the patch(es) needed to implement the change. Anyone may review any patch and provide technical feedback, but ultimately two core reviewers for a team are needed to approve most changes (exceptions are often made for trivial changes such as typos or for fixes that unblock the CI gating system).

Controversial decision process

Controversial, or merely complicated, decisions frequently expand outside of specification reviews to mailing list discussions. They often also result in discussions at one of the regularly scheduled in-person community gatherings. Because many members of the community cannot attend these events, the discussions are summarized and final decisions are made using on-line tools as much as possible.

The PTL is responsible for deciding when consensus has been reached for decisions that affect a single team, and to make a final call in rare cases where consensus has not been reached and a decision absolutely needs to be made. The TC acts as a similar decision-making group of last resort for cases where issues between teams cannot be resolved in another way. Such escalation of decision-making ends up being rarely necessary, because the contributors directly involved generally prefer to come to a consensual agreement rather than escalate the decision to others.

Planning a new release

OpenStack has a major release about every 6 months. These are coordinated date-based releases, which include the work finished up to that point in time in all of the member projects. Some project teams release more often than every 6 months (this is especially true for teams building libraries consumed by other teams). Those smaller releases tend to be produced when there is content (new features or bug fixes) to justify them.

The schedule for each development cycle, with deadlines and a final release date, is proposed by the release management team, in coordination with the Foundation staff (releases are generally aligned with the calendar of in-person events), and then the community has an opportunity to provide feedback before the final dates are set.

Decisions about priorities for each development cycle are made at the team level and the TC level. Core review teams prioritize internal work, such as fixing bugs and implementing new features. The TC selects community goals, which usually require some amount of work from all teams. Agreeing to these priorities at the start of each cycle helps the teams coordinate their work, which is especially important because the implementation will require reviews from multiple team members.

Changes in the process over time

Over the last 8 years the number of OpenStack project teams has grown from 2 to 63. The makeup of the Technical Committee has changed to accommodate that growth. Originally the TC was made up of PTLs, but as the membership grew it became impractical for the group to function effectively.

The community also used to be organized around "program areas" rather than project teams. A program area covered a feature set, such as gathering telemetry or managing block storage. This organization failed when multiple teams of people wanted to work on the same feature set using different solutions. Organizing teams around the code they deliver allows different teams to have different interpretations of the same requirements. For example, there are now several teams working on different deployment tools.

Jupyter

The governance structure is documented in the Main Governance Document within the Jupyter Governance repo.

The effective governance process grows organically over time as the needs of the project evolve. Formal changes to the Governance Document are submitted via Pull Request, with an open period for comments. After the open period, a Steering Council may call for a vote to ratify the PR changes. Acceptance requires a minimum of 80% of the Steering Council to vote and at least 2/3 of the vote must be positive. The BDFL can act alone to accept or reject changes or override the Steering Council decision; though this would be an extremely rare event.

Key people and their functions

The key people in Jupyter's Governance are the BDFL, Fernando Perez, and the Steering Council. Contributors can be given a special status of core contributor. Some may also be Institutional Contributors, who are individuals who contribute to the project as part of their official duties at an Institutional Partner.

Fernando Perez, the project founder, is the current and first BDFL. The BDFL may serve as long as desired. The BDFL succession plan is described in the Main Governance Document. In summary, the BDFL may appoint the next BDFL. As a courtesy, it is expected that the BDFL will consult with the Steering Council. In the event that the BDFL can not appoint a successor, the Steering Council will recommend one.

Core contributors are individuals who are given rights, such as commit privileges, to act in the best interest of the project within their area of expertise or subproject. An existing core contributor typically recommends someone be given core contributor rights by gathering consensus from project leads, who are experienced core contributors as listed in the README of the project repo.

To be recommended and invited as a Steering Council member, an individual must be a Project Contributor who has produced contributions that are substantial in quality and quantity, and sustained over at least one year. Potential Council Members are nominated by existing Council members and voted upon by the existing Council after asking if the potential Member is interested and willing to serve in that capacity.

Regular decision process

Project Jupyter is made up of a number of GitHub organizations and subprojects within those organizations. Primary work happens via GitHub issues and pull requests. Approving a pull request by any team member allows it to be merged without further process. All merged pull requests end up in the next stable release of a subproject.

There is a weekly, public Project-wide meeting that is recorded and posted on YouTube. Some larger GitHub organizations, which are subprojects of Project Jupyter, e.g. JupyterLab and JupyterHub, may have additional public team meetings on a weekly or monthly schedule. Discussions occur on Gitter, the Jupyter mailing list, and most frequently an open issue and/or pull request on GitHub.

Controversial decision process

The foundations of Project Jupyter's governance are:

  • Openness & Transparency
  • Active Contribution
  • Institutional Neutrality

During the everyday project activities, Steering Council members participate in all discussions, code review and other project activities as peers with all other Contributors and the Community. In these everyday activities, Council Members do not have any special power or privilege through their membership on the Council. However, it is expected that because of the quality and quantity of their contributions and their expert knowledge of the Project Software and Services that Council Members will provide useful guidance, both technical and in terms of project direction, to potentially less experienced contributors.

For controversial issues, the contributor community works together to refine potential solutions, iterate as necessary, and build consensus by sharing information and views constructively and openly. The Steering Council may make decisions when regular community discussion doesn't produce consensus on an issue in a reasonable time frame.

Voting

Rarely, if ever, is voting done for technical decisions.

For other Project issues, the Steering Council may call for a vote for a decision via a Governance PR or email proposal. Acceptance requires a minimum of 80% of the Steering Council to vote and at least 2/3 of the vote must be positive.

The BDFL can act alone to accept or reject changes or override the Steering Council decision; though this would be an extremely rare event. As Benevolent, the BDFL, in practice chooses to defer that authority to the consensus of the community discussion channels and the Steering Council.

Planning releases

Since Project Jupyter has a number of projects, not just a single project, the release planning is largely driven by the core contributors of a project.

Changes in the process over time

The process has remained consistent over time, and the approach has served us well. Moving forward The Project leadership will consist of a BDFL and Steering Council. This governance model was a formalization of what the Project was doing (prior to 2015 when the Main Governance Document was adopted by the Steering Council), rather than a change in direction.

Django

The governance structure is documented in Organization of the Django Project.

Key people and their functions

The project recognizes three kinds of contributors. Members of the core team, the Technical Board, and Fellows. Regular core committers no longer exercise their "commit bit", instead they rely on pull requests being reviewed and accepted. The Technical Board steers technical choices. Fellows are hired contractors who triage new tickets, review and merge patches from the committers and community, including non-trivial ones.

Core team members are added by nomination and vote within the core team, with technical board veto (so far not exercised). Technical board is elected by and from the core team membership every 18 months (every major Django release). Sub-teams within the core team are self-selected by interest.

Regular decision process

Most day-to-day decisions are made by Fellows and sometimes other active core team members.

The core team votes on new members which requires a 4/5 majority of votes cast, no quorum requirement. The Technical Board has veto power. This power was never exercised

Controversial decision process

The Technical Board occasionally approves Django Enhancement Proposals (DEPs) but those are rare. The DEP process is roughly modeled after PEPs and documented in DEP 1. DEPs are mostly used to design major new features, but also for information on general guidelines and process.

An idea for a DEP should be first publically vetted on the django-developers mailing list. After it was roughly validated, the author forms a team with three roles:

  • authors who write the DEP and steers the discussion;
  • implementers who prepare the implementation of the DEP;
  • a shepherd who is a core developer and will be the primary reviewer of the DEP.

The DEP's draft is submitted, assigned a number, and discussed. Authors collect feedback and steer discussion as they see fit. Suggested venues to avoid endless open-ended discussions are: separate mailing lists, Wiki pages, working off of pull requests on the DEP.

Once the feedback round is over, the shepherd asks the Technical Board for review and pronouncement. The Board can rule on a DEP as a team or designate one member to review and decide.

In any case where consensus can't be reached, the Technical Board has final say. This was never exercised.

Differences between DEPs and PEPs

The main difference is that the entire workflow is based on pull requests rather than e-mail. They are pronounced upon by the Technical Board. They need to have the key roles identified before submission and throughout the process. The shepherd role exists to guide a DEP to completion without engaging the Technical Board.

Those changes to the process make it more distributed and workable in a governance model without a BDFL.

Planning a new release

Releases are done on a fixed time-based schedule, with a major version every 18 months. With paid Fellows to ensure the necessary work gets down, on-time releases are routine.

Changes in the process over time

Django originally had two BDFLs: Jacob Kaplan-Moss and Adrian Holovaty. They retired (Adrian's post, Jacob's post) 9 years into the project's history. Following the stepping down, the DEP process was defined.

TypeScript

The governance structure is not externally documented besides the CONTRIBUTING.md document in the main TypeScript repository.

Key people and their functions

There is a formal design team and a release management team working at Microsoft. The main person behind the project is currently Anders Hejlsberg as some of the original members of the team have left the company.

Regular decision process

Microsoft, where the project is developed, has a strong planning culture so development roadmaps are released long in advanced, notes from design discussions held at Microsoft get published quickly and meetings are sometimes broadcast using Skype.

External contributions are encouraged through pull requests on GitHub. Suggestions for new use cases or features are given by issues on GitHub. This serves like an ad-hoc PEP-like process. There is some discussion over social media (Twitter) as well.

Controversial decision process

Hejlsberg is the central figure of the project in terms of language design, sythesizing community needs into a cohesive whole. There is no formal process to externally contribute to the design of the language.

The TypeScript team filters through and integrates community suggestions. The main advantages of this setup are that there is strong and consistent design with dependable scheduling and execution. While there is transparency of intentions and plans, the disadvantage of this model is that community involvement is limited to pull requests and suggestions.

Planning a new release

Microsoft determines the release schedule, communicates dates and features well in advance. Nightly builds are usually stable (with a significant portion of users on this release form).

Versioned releases are done every 1 - 3 months, with a roadmap available on GitHub.

Changes in the process over time

TypeScript is likely the first notable project by Microsoft developed fully in the open (versus source-available).

Open-sourcing of TypeScript by Microsoft was a planned feature from the inception of the project. Before the first open release was made, the language was driven fully by needs identified by the original teams and the early in-house users. The initial open-sourcing happened via the now-defunct Microsoft CodePlex platform. It didn't have a well-defined routine of accepting external contributions. Community engagement rose significantly after the project got moved.

Astropy

Key people and their functions

The Astropy Project team's responsibilites are spread over many different roles [1], though frequently a person will have several roles.

The main body overseeing the Astropy Project is the Astropy Coordination Committee (CoCo) . Its key roles are dealing with any financial issues, approving new packages wanting to join the Astropy Project, approving or rejecting Astropy Proposals for Enhancement (APEs) [2], and generally anything that's "leadership"-oriented or time-sensitive. As of this writing, the committee has four members, and might grow or shrink as the demands on the committee change.

Regular decision process

Code-level decisions

The Astropy Project includes the core Astropy package and other affiliated packages. For the sake of simplicity, we will avoid discussing affiliated packages, which can have their own rules. Therefore, everything below will concern the core Astropy package.

The core Astropy package is organized as sub-packages. Each sub-package has an official maintainer as well as one or more deputies, who are responsible for ensuring code is reviewed and generally architecting the subpackage. Code-level decisions are therefore made in GitHub issues or pull requests (PRs), usually on the basis of consensus, moderated by the maintainer and deputies of that sub-package.

When there is specific disagreement, majority vote of those who are involved in the discussion (e.g. PR) determines the winner, with the CoCo called on to break ties or mediate disagreements.

Non-code decisions

Non-code decisions (like sprint scheduling, bugfix release timing, etc) are usually announced on the astropy-dev mailing list [3] with a vote-by-message format, or a "if there are no objections"-style message for highly uncontroversial items. In general, on astropy-dev the expectation is a concrete proposal which other members are welcome to comment or vote on.

Voting

Voting usually involves either using the +1/-1 format on GitHub or the astropy-dev mailing list. There, any interested person can vote regardless of their official role in the project, or lack thereof. Furthermore, there is no veto mechanism for the CoCo to override decisions of the majority.

Controversial decision process

Simpler controversial decisions are generally discussed on the astropy-dev mailing list [3], and after a reasonable time either there is a clear consensus/compromise (this happens most of the time), or the CoCo makes a decision to avoid stalling.

More complicated decisions follow the APE process, which is modeled after the PEP process. Here, the CoCo makes the final decision after a discussion period, open to everyone, has passed. Generally the CoCo would follow the consensus or majority will.

Ethical issues

The Project has an Ombudsperson who ensures there is an alternate contact for sensitive issues, such as Code of Conduct violations, independent from the Coordination Committee. In practice, the CoCo, the Community engagement coordinators and the Ombudsperson would work together privately to try and communicate with the violator to address the situation.

Planning a new release

The major release timing is on a fixed schedule (every 6 months); whatever is in at that time goes in.

Changes in the process over time

The CoCo and the "Open Development" ethos came from the inception of the Project after a series of votes by interested Python-oriented astronomers and allied software engineers. The core results of that initial discussion were embodied in the Vision for Astropy document [4].

The existence of the formal roles and most of the rest of the above came as evolutionary steps as the community grew larger, each following either the APE process, or the regular process of a proposal being brought up for discussion and vote in astropy-dev [3]. In general all evolved as sort of ratification of already-existing practices, only after they were first tested in the wild.

Self-appreciation

The fact that anyone who has the time can step in and suggest something (usually via PR) or vote on their preference, leads to a sense that "we are all in this together", leading to better-coordinated effort.

Additionally, the function of the CoCo as mostly a tie-breaking body means that there's no sense of a dictator who enforces their will, while still giving clear points of contact for external organizations that are leery of fully-democratic governance models.

References

[1]Astropy roles and responsibilites https://www.astropy.org/team.html
[2]Astropy Proposals for Enhancement https://github.com/astropy/astropy-APEs
[3](1, 2, 3) Astropy-dev mailing list https://groups.google.com/forum/#!forum/astropy-dev
[4]Vision for a Common Astronomy Python Package https://docs.astropy.org/en/stable/development/vision.html

Bonus: Microsoft

Despite the selection process for "relevant projects" described above, it is worthwhile considering how companies that are held financially accountable for their decisions go about making them. This is not intended as a readily-usable model for Python, but as additional insight that may influence the final design or selection.

This section is not taken from any official documentation, but has been abstracted by Steve Dower, a current Microsoft employee, to reflect the processes that are most applicable to individual projects in the engineering departments. Role titles are used (and defined) rather than identifying specific individuals, and all names are examples and should not be taken as a precise description of the company at any particular time in history.

This is also highly simplified and idealised. There are plenty of unhealthy teams that do not look like this description, and those typically have high attrition (people leave the team more frequently than other teams). Teams that retain their people are usually closer to the model described here, but ultimately everything involving humans is imperfect and Microsoft is no exception.

Key people and their functions

Microsoft has a hierarchy that ultimately reports to the CEO. Below the CEO are a number of organisations, some of which are focused on engineering projects (as opposed to sales, marketing or other functions). These engineering organisations roughly break down into significant product families - for example, there has been a "Windows group", an "Xbox group", and a "server and tools group". These are typically led by Executive Vice Presidents (EVPs), who report to the CEO.

Below each EVP are many Corporate Vice Presidents (CVPs), each of which is responsible for one or more products. This level is where the hierarchy becomes relevant for the purposes of this PEP - the CEO and EVPs are rarely involved in most decision processes, but set the direction under which CVPs make decisions.

Each product under a CVP has a team consisting of Program Managers (PMs) and Engineering Managers. Engineering Managers have teams of engineers who are largely uninvolved in decision making, though may be used as specialists in some cases. For the rest of this section, Engineering refers to anyone from the engineering team who is contributing with a technical-focus, and PM refers to anyone from the program management team contributing with a customer-focus. After decisions are made, Engineering does the implementation and testing work, and PM validates with users that their problem has been solved.

(This is actually a huge simplification, to the point where some people in these roles are offended by this characterisation. In reality, most people in PM or Engineering do work that crosses the boundary between the two roles, and so they should be treated as a term describing the work that somebody is doing in the moment, rather than an identifier or restriction for a person.)

Teams generally represent a feature, while the CVP represents a product. For example, Visual Studio Code has a CVP who is ultimately responsible for decisions about that product and its overall direction (in the context set by their EVP). But many teams contribute features into Visual Studio Code.

For complete clarity, the CEO, EVPs, and CVPs do not ever directly modify source code. Their entire role is to provide direction for whoever is immediately below them and to adjudicate on controversial decisions.

Regular decision process

Changes to product code that are not visible to external users are made solely by Engineering. Individual engineers will be assigned tasks by a designated engineering manager, or may self-assign. Promotion to increasingly senior positions generally reflects trust in the individual's decision-making ability, and more senior engineers are trusted to make decisions with less validation from the rest of the team. Most bugs are covered by this process (that is, fixing a user-visible problem without changing the intended experience is an Engineering decision).

Decisions affecting users of a particular feature are made by the PM team for that feature. They will use whatever data sources available to identify an issue, experiment with alternatives, and ultimately prepare a design document. Senior members from PM and Engineering will review designs to clarify the details, and ultimately an artifact is created that the feature team agrees on. Engineering will use this artifact to implement the work, and PM will later use this artifact to validate that the original issue has been resolved.

Senior members of Engineering and PM teams for a feature are expected to make decisions in the spirit of the direction set by their CVP. Teams have regular meetings with their CVP to discuss recent decisions and ensure consistency. Decisions that are not obviously in line with CVP expectations are escalated to the controversial process.

Controversial decision process

When decisions require cross-team coordination, or do not obviously align with previous CVP guidance, teams will escalate decision making. These often include decisions that involve changing direction, attempting to reach a new or different group of users, deprecating and removing significant features (or on a short timeframe), or changes that require quick releases.

In general, CVPs are not intimately familiar with all aspects of the feature team's work. As a result, the feature team must provide both a recommendation and sufficient context for the decision that the CVP can decide without additional knowledge. Most of the time, the first attempt results in a series of questions from the CVP, which the team will research, answer and attempt the decision again at a later date.

Common questions asked by CVPs are:

  • how many users are affected by this decision?
  • what is the plan for minimizing impact on current users?
  • how will the change be "sold"/described to potential users?

CVPs are expected to have a strong understanding of the entire field, so that they can evaluate some questions for themselves, such as:

  • what similar decisions have been made by other projects within Microsoft?
  • what other projects have plans that may impact this decision?
  • what similar decisions have been made by projects outside Microsoft?
  • do users need it?
  • is it in line with the direction set by their EVP?

Decisions made by CVPs are generally arbitrary and final, though they typically will provide their rationale.

Planning a new release

Releases involve coordinating a number of feature teams, and so rarely attempt to include input from all teams. A schedule will be determined based on broader ecosystem needs, such as planned events/conferences or opportunities to take advantage of media attention.

Teams are informed of the release date, the theme of the release, and make their own plans around it following the above decision making process. Changing the release date is considered a controversial decision.

Acknowledgements

Thank you to Alex Crichton from the Rust team for an extensive explanation of how the core team governs the project.

Jeremy Stanley, Chris Dent, Julia Kreger, Sean McGinnis, Emmet Hikory, and Thierry Carrez contributed to the OpenStack section.

The Project Jupyter Steering Council created the Main Governance Document for Project Jupyter, and Carol Willing summarized the key points of that documennt for the Jupyter section.

Thank you to Carl Meyer from the Django team for explanation how their project's governance is set up.

The TypeScript and Swift sections were created after conversations with Joe Pamer and Vlad Matveev. Thanks!

Answers about the Astropy project were kindly contributed, in significant detail, by Erik Tollerud and reviewed by other members of the project.

Annex 1: Template questions

The following set of questions was used as a template to guide evaluation and interaction with the surveyed projects:

  1. Do you have any open documentation on how the governance model is set up?
  2. How does the process look like in practice?
    • Who are the key people?
    • What "special statuses" can contributors have?
    • How are they elected/how are the statuses assigned?
    • How are regular decisions made?
    • How are controversial decisions made?
    • Is there a voting mechanism? how does it work? how often do votes actually happen?
    • Is there a veto mechanism? how often was it actually used?
  3. How do you like the process?
    • Which parts work well?
    • Which parts could work better?
    • When it doesn't work well, how does it look like?
    • What would you change if it were only up to you?
  4. Related project work:
    • How do you decide when a release happens and what goes into it?
    • How do you decide who gets commit access?
    • Where do you hold discussions? (GitHub, mailing lists, face-to-face meetings, and so on)
    • Do you have a RFC/PEP-like process?
    • Who has access to those discussion channels?
    • How is this access granted/revoked?
    • Who moderates those discussions?
    • Do you (and how) censure participants and how?
  5. Process evolution
    • How did this process evolve historically?
    • How can it be changed in the future?
Source: https://github.com/python/peps/blob/master/pep-8002.rst