Global Cyber Policy Working Group
Adopted: 6-Feb-2025
This Technical Charter sets forth the responsibilities and procedures for technical contribution to, and oversight of, the Global Cyber Policy open source community, which has been established as a Working Group (the "Technical Initiative") under the Open Source Security Foundation (the “OpenSSF”). All contributors (including contributors, maintainers, and other technical positions) and other participants in the Working Group (collectively, “Collaborators”) must comply with the terms of this Technical Charter and the OpenSSF Charter.
-
a. The mission of the Working Group is to provide a forum for our members and the broader community to collaborate on Global Cybersecurity-related legislation, frameworks, and standards which facilitate conformance to regulatory requirements by open source projects and their consumers.
-
b. The scope of the Working Group includes collaborative development under the Technical Initiative License (as defined herein) supporting the mission, including organizing collaboration activities, defining best practices, documentation, testing, integration and the creation of other artifacts that support the mission.
-
a. The Working Group will be considered synonymous with the Technical Steering Committee (the "TSC" elsewhere in this document) and will be responsible for all oversight of the Working Group.
-
b. Members of the working group will be documented in the Working Group's repository. Anyone may join the Working Group by making a pull request on the MEMBERS.md document. A member of the group's leadership will review these requests and approve unless further information is required. Any meetings of the Working Group are intended to be open to the public, and can be conducted electronically, via teleconference, or in person.
-
c. The Working Group generally will involve Maintainers and Contributors. The Working Group may adopt or modify additional roles so long as the roles are documented in the Working Group’s repository. Unless otherwise documented:
-
i. Contributors include anyone in the technical community that contributes effort, ideas, code, documentation, or other artifacts to the Technical Initiative;
-
ii. Maintainers are members of the working group's leadership team, comprised of working group chairs, selected OpenSSF staff members and SIG leads.
-
iii. A contributor or a maintainer may be removed by a majority approval of the other existing Contributors, by agreement of the Maintainers, or due to violation of the Code of Conduct.
-
iv. The Maintainers will determine the process for selecting future Maintainers. A Maintainer may be removed by two-thirds approval of the other existing Maintainers, or a majority of the other existing Contributors, or by OpenSSF senior staff if there is shown to be a violation of the Code of Conduct.
-
d. Participation in the Working Group through becoming a Contributor or Maintainer is open to anyone, whether an OpenSSF member or not, so long as they abide by the terms of this Technical Charter and applicable Linux Foundation rules.
-
e. The Working Group may create, change, modify, or remove roles or their definitions, so long as the definitions of roles for the Technical Initiative are publicly available in the Technical Initiative repository.
-
f. The Working Group may elect a Chair or two co-Chairs, who will preside over meetings of the Working Group and will serve until their resignation or replacement by the Working Group.
- i. The Working Group Chairs may further select Special Interest Group (SIG) leads who will become Maintainers and members of the Working Group leadership team.
-
g. Responsibilities: The Working Group will be responsible for all aspects of oversight relating to the Working Group, which may include:
-
i. coordinating the direction of the Working Group;
-
ii. approving, organizing or removing activities and projects;
-
iii. establishing community norms, workflows, processes, release requirements, and templates for the operation of the Working Group;
-
iv. establishing a fundraising model, and approving or modifying the Working Group's budget, subject to OpenSSF Governing Board approval;
-
v. appointing representatives to work with other open source or open standards communities;
-
vi. appointing representatives to work with other industry bodies;
-
vii. appointing representatives to work with regulatory or government bodies;
-
viii. approving and implementing policies and processes for contributing (to be published in the Working Group's repository) and coordinating with the Linux Foundation to resolve matters or concerns that may arise as set forth in Section 6 of this Technical Charter;
-
ix. facilitating discussions, seeking consensus, and where necessary, voting on technical matters relating to the Working Group; and
-
x. coordinating any communications regarding the Working Group.
-
a. While the Working Group aims to operate as a consensus-based community, if any decision requires a vote to move the Working Group forward, the voting members of the Working Group will vote on a one vote per voting member basis.
-
b. Quorum for TSC meetings requires at least fifty percent of all voting members of the Working Group to be present. The Working Group may continue to meet if quorum is not met but will be prevented from making any decisions at the meeting.
-
c. Except as provided in Section 7.c. and 8.a, decisions by vote at a meeting require a majority vote of those in attendance, provided quorum is met. Decisions made by electronic vote without a meeting require a majority vote of all voting members of the Working Group.
-
d. In the event a vote cannot be resolved by the Working Group, any voting member of the Working Group may refer the matter to the TAC for assistance in reaching a resolution.
-
a. This Technical Charter is subject to the OpenSSF Charter and any rules or policies established for all Technical Initiatives.
-
b. The Technical Initiative participants must conduct their business in a professional manner, subject to the OpenSSF Code of Conduct (based on the Contributor Covenant Code of Conduct 2.0), available at https://openssf.org/community/code-of-conduct/.
-
c. All Collaborators must allow open participation from any individual or organization meeting the requirements for contributing under this Technical Charter and any policies adopted for all Collaborators by the TSC, regardless of competitive interests. Put another way, the Technical Initiative community must not seek to exclude any participant based on any criteria, requirement, or reason other than those that are reasonable and applied on a non-discriminatory basis to all Collaborators in the Technical Initiative community. All activities conducted in the Technical Initiative are subject to the Linux Foundation’s Antitrust Policy, available at https://www.linuxfoundation.org/antitrust-policy.
-
d. The Technical Initiative will operate in a transparent, open, collaborative, and ethical manner at all times. The output of all Technical Initiative discussions, proposals, timelines, decisions, and status should be made open and easily visible to all. Any potential violations of this requirement should be reported immediately to the TAC.
-
a. The Linux Foundation will hold title to all trade or service marks used by the Technical Initiative ("Technical Initiative Trademarks"), whether based on common law or registered rights. Technical Initiative Trademarks may be transferred and assigned to LF Technical Initiatives to hold on behalf of the Technical Initiative. Any use of any Technical Initiative Trademarks by Collaborators in the Technical Initiative will be in accordance with the trademark usage policy of the Linux Foundation, available at https://www.linuxfoundation.org/trademark-usage, and inure to the benefit of the Linux Foundation.
-
b. The Linux Foundation or Technical Initiative must own or control the repositories, social media accounts, and domain name registrations created for use by the Technical Initiative community.
-
c. Under no circumstances will the Linux Foundation be expected or required to undertake any action on behalf of the Technical Initiative that is inconsistent with the policies or tax-exempt status or purpose, as applicable, of the Linux Foundation.
-
a. Collaborators acknowledge that the copyright in all new contributions will be retained by the copyright holder as independent works of authorship and that no contributor or copyright holder will be required to assign copyrights to the Technical Initiative.
-
b. Except as described in Section 6.c., all contributions to the Technical Initiative are subject to the following:
-
i. All new inbound code contributions to the Technical Initiative must be made using the Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0 (the "Technical Initiative License").
-
ii. All new inbound code contributions must also be accompanied by a Developer Certificate of Origin (http://developercertificate.org) sign-off in the source code system that is submitted through a TSC-approved contribution process which will bind the authorized contributor and, if not self-employed, their employer to the applicable license;
-
iii. All outbound code will be made available under the Technical Initiative License.
-
iv. Documentation will be received and made available by the Technical Initiative under the Creative Commons Attribution 4.0 International License, available at http://creativecommons.org/licenses/by/4.0/.
-
v. To the extent a contribution includes or consists of data, any rights in such data shall be made available under the CDLA-Permissive 1.0 License.
-
vi. The Technical Initiative may seek to integrate and contribute back to other open source projects ("Upstream Projects"). In such cases, the Technical Initiative will conform to all license requirements of the Upstream Projects, including dependencies, leveraged by the Technical Initiative. Upstream Project code contributions not stored within the Technical Initiative’s main code repository will comply with the contribution process and license terms for the applicable Upstream Project.
-
c. The TSC may approve the use of an alternative license or licenses for inbound or outbound contributions on an exception basis. To request an exception, please describe the contribution, the alternative open source license(s), and the justification for using an alternative open source license for the Technical Initiative. License exceptions must be approved by a two-thirds vote of the entire Governing Board.
-
d. Contributed files should contain license information, such as SPDX short form identifiers, indicating the open source license or licenses pertaining to the file.
- a. This charter may be amended by a two-thirds vote of the entire TSC and is subject to approval by the TAC.
- a. This group will endeavor to establish regular communications and coordinate its efforts with other similar organizations. A list of these will be maintained in our liaisons list.