polysafe-gitfixer is governed by principles of transparency, consensus-seeking, and graduated trust. This document describes how decisions are made and how contributors can participate in project governance.
We prefer consensus over voting. Decisions should emerge from discussion where possible, with voting reserved for deadlocks.
The Tri-Perimeter Contribution Framework (TPCF) provides graduated access based on demonstrated expertise and commitment.
Decisions should be reversible when practical. We prefer experiments over permanent commitments.
All governance discussions happen in public, with decisions documented in issues or merge requests.
See CONTRIBUTING for detailed framework description.
| Perimeter | Access Level | Scope |
|---|---|---|
3 - Community |
Open to all |
Documentation, bug reports, features, examples |
2 - Expert |
Trusted contributors |
Code review, extensions, mentoring |
1 - Core |
Maintainers only |
Security, CI/CD, releases, architecture |
-
Typo fixes, documentation improvements
-
Clear bug fixes with tests
-
Approved by any maintainer
-
Feature additions within existing architecture
-
Dependency updates (non-breaking)
-
Requires review from one core maintainer
-
New components or languages
-
Breaking changes to public APIs
-
Significant architectural changes
-
Requires discussion period (1 week) and approval from 2+ maintainers
-
Anyone who participates in discussions or reports bugs
-
No special permissions required
-
Has submitted multiple accepted contributions
-
Demonstrates understanding of project goals
-
May be invited to review PRs
-
Requirements:
-
3+ months active participation, OR
-
10+ merged contributions, OR
-
Demonstrated domain expertise
-
-
Responsibilities:
-
Review and approve merge requests
-
Mentor new contributors
-
Help with issue triage
-
-
Requirements:
-
Sustained high-quality contributions
-
Demonstrated good judgment
-
Nominated by existing maintainer, approved by consensus
-
-
Responsibilities:
-
Merge to protected branches
-
Release management
-
Security response
-
Final say on architectural decisions
-
-
Listed in MAINTAINERS.md
-
Vulnerability reported via SECURITY.md channels
-
Acknowledged within SLA timeframe
-
Assessed and assigned severity
-
Fix developed in private
-
Coordinated disclosure
We follow Semantic Versioning (SemVer):
-
MAJOR: Breaking changes
-
MINOR: New features, backward compatible
-
PATCH: Bug fixes, backward compatible
-
Feature freeze announced
-
Release candidate prepared
-
Testing period (1 week for major, 3 days for minor)
-
Release notes drafted
-
Tag created and release published
-
Announcement posted
-
Discussion in relevant issue/MR
-
Seek input from domain experts
-
If unresolved, escalate to core maintainers
-
If still unresolved, vote
See CODE OF CONDUCT for enforcement procedures.
-
No single maintainer should have exclusive knowledge
-
Critical systems documented in docs/
-
Multiple maintainers for each component
When a maintainer steps down:
-
Knowledge transfer period (if possible)
-
Update MAINTAINERS.md
-
Credential rotation
-
Public acknowledgment
If the project receives funding:
-
All income and expenses documented
-
Quarterly reports published
-
OpenCollective or similar transparent platform preferred
-
Under $100: Any maintainer
-
$100-$500: Two maintainer approval
-
Over $500: Majority maintainer approval