Make the governance policy for this repo clear #1856
Conversation
|
What is the reason to request two approvals for a PR? |
It is mostly the same to the unwritten rule in this repo. Most of our merged PRs have two approvers, or one approver and another merger. I personally think that it's a good habit to keep the project secure. We can assume that at least multiple people made judgement on its implementation and maintainability. We can also avoid the situation like "one strong committer" drives everything so no decision is open nor understandable. |
GOVERNANCE.md
Outdated
|
|
||
| Both SpotBugs Core Team and SpotBugs user can propose changes to the SpotBugs project via GitHub pull requests. Refer to `.github/CONTRIBUTING.md` to know more detailed requirements for your proposal. | ||
|
|
||
| Once a pull request gets two approvals from members of SpotBugs Core Team, pull request will be merged and shipped in the next release. Approver should not be the same as the author(s) of the change. |
There was a problem hiding this comment.
Approver should not be the same as the author(s) of the change.
This is contradictory to the current state / your comment:
It is mostly the same to the unwritten rule in this repo. Most of our merged PRs have two approvers, or one approver and another merger.
Currently if we have author from committers, we only want one more approval.
With this proposal, we will need two approvals - one more as today.
There was a problem hiding this comment.
Yes, this is a challenge as noted at https://github.com/orgs/spotbugs/teams/everyone/discussions/9?from_comment=4#discussion-9-comment-4
I think it's reasonable change for governance, how do you think?
There was a problem hiding this comment.
I don't think so. One can't force people to do this if they don't want or can't. I see mostly you and ThrawnCA active, and while I'm still there, I simply have no time to spent on reviews, especially if they are for features I'm not interested personally (lile gradle support etc). So by forcing two additional reviews you force me to do something I won't, and as a result I will be unhappy and feel me bad because on the one side I know your work waits for my review but on the other side I can't afford to spend reasonable amount of time for this (or don't want to review this).
There was a problem hiding this comment.
OK I understood. Thanks. I will remove the limitation later.
|
Thanks @iloveeclipse, I've reflected your review to the doc. It helped me a lot to make it better! :) |
|
Kudos, SonarCloud Quality Gate passed!
|
To solve problems caused by our unclear governance policy for this project, create a
GOVERNANCE.mdat the root directory.I referred to The nodejs governance policy and the Minimum Viable Governance from GitHub, but the content is made from scratch to enable our small start.
After we merge this change, I will configure the branch protection rule to change the number of necessary approval from 1 to 2. Other automations such as stale action and auto-merge will come next.