I am a big fan of OPA, and in general the project seems to be going well. But it does give me pause to see that open-policy-agent/opa (in particular) is controlled by one organisation 

Liz 

On Fri, 18 Sep 2020 at 00:42, Maor Goldberg <maor@...> wrote:

Thank you for the clarification Torin, appreciate it. 

My intention was to highlight the need and to hopefully encourage other organizations to join and help your team. 

We are participating in the community meetings for a long time now and can only applaud everything that Styra is doing. 

Congratulations and good luck!

On Sep 17, 2020, at 3:07 PM, Torin Sandall via lists.cncf.io <torin=styra.com@...> wrote:

Hi All,

Maor from apolicy.io sent a follow up email asking about organization responsibilities for different repos. This is all covered in the MAINTAINER.md file:

# Maintainers



The following table lists OPA project maintainers and areas of expertise in alphabetical order:



| Name | GitHub | Email | Organization | Repositories/Area of Expertise | Added/Renewed On |

| --- | --- | --- | --- | --- | --- |

| Ash Narkar | @ashutosh-narkar | anarkar4387@... | Styra | opa, opa-istio-plugin | 2020-04-14 |

| Craig Tabita | @ctab | ctab@... | Google | gatekeeper, gatekeeper-library | 2020-04-14 |

| Max Smythe | @maxsmythe | smythe@... | Google | frameworks/constraints, gatekeeper, gatekeeper-library | 2020-04-14 |

| Patrick East | @patrick-east | east.patrick@... | Styra | opa | 2020-04-14 |

| Rita Zhang | @ritazh | rita.z.zhang@... | Microsoft | frameworks/constraints, gatekeeper, gatekeeper-library | 2020-04-14 |

| Sertaç Özercan | @sozercan | sozercan@... | Microsoft | gatekeeper, gatekeeper-library | 2020-04-14 |

| Tim Hinrichs | @timothyhinrichs | timothy.l.hinrichs@... | Styra | all repositories | 2020-04-14 |

| Torin Sandall | @tsandall | torinsandall@... | Styra | all repositories | 2020-04-14 |

We also have non-voting folks w/ write access on certain repos, which is valuable for onboarding



new contributors to admin the project on a day-to-day basis w/o inheriting full voting rights that are essentially a conflict resolution mechanism for when other attempts to reach consensus fail. Here's a summary of contributor organizations w/ write across across major repos under the open-policy-agent org:

* open-policy-agent/conftest - DataWorkz, Plex, Red Hat,Snyk, Styra
* open-policy-agent/frameworks - Google, Microsoft, Styra
* open-policy-agent/gatekeeper - Google, Microsoft, Styra
* open-policy-agent/gatekeeper-library - Google, Microsoft, Styra
* open-policy-agent/opa - Styra
* open-policy-agent/opa-envoy-plugin - Styra

We're always looking for folks that are interested in making long-term sustained contributions. If you're interested, please get in touch.

On Wed, Sep 16, 2020 at 6:05 PM Torin Sandall <torin@...> wrote:

Hi Maor,

Gatekeeper is not a separate project--it's a part of the OPA project. Microsoft and Google are maintainers of Gatekeeper as well as OPA, meaning all three organizations have the voting rights that go along with maintainership as outlined in our MAINTAINERS.md and GOVERNANCE.md files:

https://github.com/open-policy-agent/opa/blob/master/GOVERNANCE.md
https://github.com/open-policy-agent/opa/blob/master/MAINTAINERS.md

As far as plans for more organizations go, we have a governance process defined that outlines how new maintainers can be added. It requires a proposal from an existing maintainer and a vote from the other maintainers. That would likely occur after someone has made sustained contributions over a period of time. Note, the governance model allows for individuals to be granted permission to admin repos on GitHub without being granted full voting rights to onboard external efforts within OPA (this is how open-policy-agent/conftest is currently managed.)

-Torin

On Wed, Sep 16, 2020 at 5:03 PM Maor Goldberg <maor@...> wrote:

Hey,

Great news and congratulations to the OPA team, great project and a cornerstone for the cloud native enterprise. 

Looking at the maintainer status on the project, I wonder if there’s a plan to add more organizations?

I believe there’s only one organization (Styra) with maintainer status on the OPA project while Google and Microsoft only maintain the Gatekeeper project (my understanding is that Gatekeeper is a separate project). 

I think it will be great to see more than one organization sharing responsibility and leadership for this important project.

Good luck,

Maor. 

<PastedGraphic-1.tiff>

On Sep 16, 2020, at 10:46 AM, Brendan Burns via lists.cncf.io <bburns=microsoft.com@...> wrote:

Folks

The OPA project has applied for graduation from incubation to graduated. (https://github.com/cncf/toc/pull/520)

The due dilligence document can be found here: https://docs.google.com/document/d/19M5fTpe57rQIMNxawRl5wSWvJUapuzY-CkV4O5pvieU/edit

The public comment period is now open for 2 weeks, and all SIGs, end users, TOC members, and community members are welcome to comment by replying to this thread.

Brendan Burns

--

-Torin

--

-Torin