1*64cb1c8fSCassandra Targett= Tips & Tricks for PMC Chair 2*64cb1c8fSCassandra Targett:toc: left 3*64cb1c8fSCassandra Targett// Licensed to the Apache Software Foundation (ASF) under one 4*64cb1c8fSCassandra Targett// or more contributor license agreements. See the NOTICE file 5*64cb1c8fSCassandra Targett// distributed with this work for additional information 6*64cb1c8fSCassandra Targett// regarding copyright ownership. The ASF licenses this file 7*64cb1c8fSCassandra Targett// to you under the Apache License, Version 2.0 (the 8*64cb1c8fSCassandra Targett// "License"); you may not use this file except in compliance 9*64cb1c8fSCassandra Targett// with the License. You may obtain a copy of the License at 10*64cb1c8fSCassandra Targett// 11*64cb1c8fSCassandra Targett// http://www.apache.org/licenses/LICENSE-2.0 12*64cb1c8fSCassandra Targett// 13*64cb1c8fSCassandra Targett// Unless required by applicable law or agreed to in writing, 14*64cb1c8fSCassandra Targett// software distributed under the License is distributed on an 15*64cb1c8fSCassandra Targett// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16*64cb1c8fSCassandra Targett// KIND, either express or implied. See the License for the 17*64cb1c8fSCassandra Targett// specific language governing permissions and limitations 18*64cb1c8fSCassandra Targett// under the License. 19*64cb1c8fSCassandra Targett 20*64cb1c8fSCassandra TargettCongratulations on becoming the Chair of the Lucene PMC! Thank you for accepting the role. 21*64cb1c8fSCassandra Targett 22*64cb1c8fSCassandra TargettThe primary responsibilities of the Chair are: 23*64cb1c8fSCassandra Targett 24*64cb1c8fSCassandra Targett. <<Grant Karma to New Committers,Grant karma for new committers>> 25*64cb1c8fSCassandra Targett. <<Grant Karma to new PMC Members,Grant karma for new members of the PMC>> 26*64cb1c8fSCassandra Targett. Deal with <<Security Issues,security issues>> and reports of vulnerabilities 27*64cb1c8fSCassandra Targett. Make <<Board Reports,quarterly reports>> to the ASF Board 28*64cb1c8fSCassandra Targett. Handle <<Miscellaneous Requests,miscellaneous requests>> for Git repos, mailing lists, Jenkins access, etc. 29*64cb1c8fSCassandra Targett 30*64cb1c8fSCassandra Targett== Tools to Help You 31*64cb1c8fSCassandra TargettAs a member of the PMC, you should have already been granted permission to the necessary systems. As Chair, in some cases you have higher permissions. 32*64cb1c8fSCassandra Targett 33*64cb1c8fSCassandra TargettThe following Apache systems help automate some of the things you need to do: 34*64cb1c8fSCassandra Targett 35*64cb1c8fSCassandra Targett* Whimsy: https://whimsy.apache.org/. The official project roster is stored in Whimsy. This is where you go to add new committers or PMC members, and grant Jenkins permissions. 36*64cb1c8fSCassandra Targett* Reporter Tool: https://reporter.apache.org/. A wizard here will help you file the quarterly report. 37*64cb1c8fSCassandra Targett* Apache Self-Serve: https://selfserve.apache.org/. Several tools to help if you need to create new Jira projects, Confluence spaces, GitHub repos, mailing lists, etc. 38*64cb1c8fSCassandra Targett 39*64cb1c8fSCassandra Targett== Grant Karma to New Committers 40*64cb1c8fSCassandra Targett 41*64cb1c8fSCassandra TargettWhen the PMC votes to make a contributor into a committer, the Chair does not usually have to do anything. 42*64cb1c8fSCassandra Targett 43*64cb1c8fSCassandra TargettTraditionally we expect the person who recommended the new committer to handle inviting the person to become a committer, ensuring their accounts get set up properly, and announcing the change to the dev@lucene list. 44*64cb1c8fSCassandra Targett 45*64cb1c8fSCassandra TargettIf the person is not yet a committer on any other Apache project, they will need to submit an Individual Contributor License Agreement (ICLA) before their account can be created. 46*64cb1c8fSCassandra Targett 47*64cb1c8fSCassandra TargettOnce their ICLA is on file, the Infra team will set up their account and grant them committer permissions. 48*64cb1c8fSCassandra Targett 49*64cb1c8fSCassandra TargettIf the person already has an ICLA on file, anyone on the PMC can go to the https://whimsy.apache.org/roster/committee/lucene[Lucene roster in Whimsy] and add the person. 50*64cb1c8fSCassandra Targett 51*64cb1c8fSCassandra TargettSee also http://apache.org/dev/pmc.html#noncommitter for details on the process. 52*64cb1c8fSCassandra Targett 53*64cb1c8fSCassandra Targett=== Jira and Confluence Permissions 54*64cb1c8fSCassandra Targett 55*64cb1c8fSCassandra TargettJira and Confluence use Apache's LDAP system for authentication, so once the new committer has been granted the permissions to make commits, they will have updated permissions in those systems also. They will not automatically have Jenkins or GitHub permissions, however. 56*64cb1c8fSCassandra Targett 57*64cb1c8fSCassandra Targett=== GitHub Permissions 58*64cb1c8fSCassandra Targett 59*64cb1c8fSCassandra TargettFor a new committer to have permissions to make commits via GitHub and to also create, merge, or close GitHub pull requests via the GitHub interface, they must first link their Apache and GitHub user IDs. They can do this by going to https://id.apache.org and filling in the "Your GitHub Username" field. 60*64cb1c8fSCassandra Targett 61*64cb1c8fSCassandra TargettAfter adding their GitHub ID, it can take 3-4 hours for the permissions in GitHub to be updated. The committer will need to make sure they have two-factor authentication (2FA) enabled in GitHub in order for the permissions to be granted. 62*64cb1c8fSCassandra Targett 63*64cb1c8fSCassandra TargettSee also https://reference.apache.org/committer/github. 64*64cb1c8fSCassandra Targett 65*64cb1c8fSCassandra Targett== Grant Karma to new PMC Members 66*64cb1c8fSCassandra Targett 67*64cb1c8fSCassandra TargettOnce a vote to add a new member of the PMC has passed, the Chair must send the proposed change to the Board by sending an email to board@apache.org with a link to the Vote & Result thread from the archives (https://lists.apache.org/). 68*64cb1c8fSCassandra Targett 69*64cb1c8fSCassandra TargettThe board will not respond. After 72 hours, check that the mail appears in the Board archives by sending mail to `board-index@apache.org`. The response should show the notification to the Board was received. 70*64cb1c8fSCassandra Targett 71*64cb1c8fSCassandra TargettOnce the 72 hours has passed, the Chair can go to the https://whimsy.apache.org/roster/committee/lucene[Lucene roster in Whimsy] and change the person from a Committer to a member of the PMC. 72*64cb1c8fSCassandra Targett 73*64cb1c8fSCassandra TargettSee also: http://www.apache.org/dev/pmc.html#newpmc. 74*64cb1c8fSCassandra Targett 75*64cb1c8fSCassandra Targett== Security Issues 76*64cb1c8fSCassandra Targett 77*64cb1c8fSCassandra TargettApache has a dedicated security team that helps handle reports of vulnerabilities in all Apache software. 78*64cb1c8fSCassandra Targett 79*64cb1c8fSCassandra TargettThe standard process for handling vulnerability reports is defined at https://www.apache.org/security/committers.html#vulnerability-handling. 80*64cb1c8fSCassandra Targett 81*64cb1c8fSCassandra Targett*All vulnerability reports must be handled with discretion and should not be discussed outside the Apache Security team and the PMC.* The reason for this is to prevent the vulnerability from being exploited before we have a chance to come up with proper mitigation steps and/or bug fixes. 82*64cb1c8fSCassandra Targett 83*64cb1c8fSCassandra Targett=== How Vulnerabilities are Reported 84*64cb1c8fSCassandra TargettThe mailing list security@lucene.apache.org has been set up to handle vulnerability reports. This list includes the Apache Security team, so they do not need to be cc'd on mails to that list. PMC members are unfortunately not automatically subscribed to this list, they must subscribe themselves. 85*64cb1c8fSCassandra Targett 86*64cb1c8fSCassandra TargettThe Apache Security team should be kept in the loop regarding how we decide to handle any vulnerability report. They are not cc'd on mails to private@lucene.apache.org, so if discussion happens there, security@apache.org should be copied where appropriate. 87*64cb1c8fSCassandra Targett 88*64cb1c8fSCassandra TargettVulnerabilities may also be reported via Jira. When this happens, the Security Level field in the issue must be set to "Private", which means it can only be viewed by members of the PMC. 89*64cb1c8fSCassandra Targett 90*64cb1c8fSCassandra TargettIf the vulnerability is reported via email, ensure that security@apache.org has a copy of the report, and also file a Jira issue for discussion about mitigation and fix. 91*64cb1c8fSCassandra Targett 92*64cb1c8fSCassandra Targett=== Mitigation and Fixes 93*64cb1c8fSCassandra Targett 94*64cb1c8fSCassandra TargettIt's up to the PMC as a whole to provide workarounds and/or fixes for all vulnerability reports. Your job as Chair is to ensure that it's happening in a timely manner and according to the process. There's nothing specific you have to do unless others are not doing it. 95*64cb1c8fSCassandra Targett 96*64cb1c8fSCassandra Targett== Board Reports 97*64cb1c8fSCassandra Targett 98*64cb1c8fSCassandra TargettThe Chair must submit a quarterly report to the Apache Board of Directors. Our schedule is to file reports in March, June, September, and December of any year. 99*64cb1c8fSCassandra Targett 100*64cb1c8fSCassandra Targett=== Schedule 101*64cb1c8fSCassandra Targett 102*64cb1c8fSCassandra TargettReports are due quarterly. A bot will send a reminder that a report is due before the monthly ASF Board meeting; 103*64cb1c8fSCassandra Targettthe report is due a week before the scheduled meeting. 104*64cb1c8fSCassandra Targett 105*64cb1c8fSCassandra TargettIt's customary to send a draft of the report to the PMC for review prior to sending it to the Board. 106*64cb1c8fSCassandra Targett 107*64cb1c8fSCassandra Targett=== Template & Wizard 108*64cb1c8fSCassandra Targett 109*64cb1c8fSCassandra TargettA report template is available from https://reporter.apache.org. 110*64cb1c8fSCassandra Targett 111*64cb1c8fSCassandra TargettTo make creating the report easier, a reporting wizard is available at https://reporter.apache.org/wizard/. 112*64cb1c8fSCassandra Targett 113*64cb1c8fSCassandra TargettThe wizard will provide a blank template with the sections already defined. As you use the wizard to write the report, it will show you data and examples to assist you in completing the report. 114*64cb1c8fSCassandra Targett 115*64cb1c8fSCassandra TargettOpen security issues should be reported to the Board. Since Board reports are generally public, discussion of the issues should be in `<private>` tags so they are removed from the report when the Board makes it public after their monthly meeting. This helps prevent details of vulnerabilities from leaking out before they have been mitigated. 116*64cb1c8fSCassandra Targett 117*64cb1c8fSCassandra Targett=== Board Feedback 118*64cb1c8fSCassandra Targett 119*64cb1c8fSCassandra TargettAfter the Board meeting, they may have feedback on the quarterly report. They may simply make a comment, or they may request something as follow-up. Respond to the feedback as appropriate. 120*64cb1c8fSCassandra Targett 121*64cb1c8fSCassandra Targett== Miscellaneous Requests 122*64cb1c8fSCassandra Targett 123*64cb1c8fSCassandra Targett=== Add Jenkins Rights 124*64cb1c8fSCassandra Targett 125*64cb1c8fSCassandra TargettThis will allow the user to configure Jenkins jobs. 126*64cb1c8fSCassandra Targett 127*64cb1c8fSCassandra TargettJust add the committer to the `hudson-jobadmin` group in Whimsy: https://whimsy.apache.org/roster/group/hudson-jobadmin 128*64cb1c8fSCassandra Targett 129*64cb1c8fSCassandra Targett=== IP Clearance 130*64cb1c8fSCassandra Targett 131*64cb1c8fSCassandra TargettCode donations are kept in https://svn.apache.org/repos/asf/incubator/public/trunk/content/ip-clearance. For the process, see https://incubator.apache.org/ip-clearance/. 132*64cb1c8fSCassandra Targett 133*64cb1c8fSCassandra Targett=== Licenses and Passwords 134*64cb1c8fSCassandra Targett 135*64cb1c8fSCassandra TargettPrivate PMC files: https://svn.apache.org/repos/private/pmc/lucene/ 136*64cb1c8fSCassandra Targett 137*64cb1c8fSCassandra Targett=== Changing the Chair 138*64cb1c8fSCassandra TargettThe Lucene PMC traditionally rotates the Chair once a year. 139*64cb1c8fSCassandra Targett 140*64cb1c8fSCassandra TargettWhen it's time to change Chairs, think of a member of the PMC to replace you and ask if they will be willing to serve a term as Chair. 141*64cb1c8fSCassandra TargettIf they agree, you can start a VOTE thread in private@lucene.apache.org nominating your successor. 142*64cb1c8fSCassandra Targett 143*64cb1c8fSCassandra TargettAssuming the vote passes, you can send a resolution to the Board for their approval to change the Chair. Include the vote thread in the resolution. 144*64cb1c8fSCassandra TargettYou do not need to wait until the usual quarterly report is due to change the Chair. 145*64cb1c8fSCassandra Targett 146*64cb1c8fSCassandra TargettResolution example/template: 147*64cb1c8fSCassandra Targett 148*64cb1c8fSCassandra Targett---- 149*64cb1c8fSCassandra TargettA. Change the Apache Lucene Project Chair 150*64cb1c8fSCassandra Targett 151*64cb1c8fSCassandra Targett WHEREAS, the Board of Directors heretofore appointed <old Chair> 152*64cb1c8fSCassandra Targett (<apache id>) to the office of Vice President, Apache Lucene, and 153*64cb1c8fSCassandra Targett 154*64cb1c8fSCassandra Targett WHEREAS, the Board of Directors is in receipt of the resignation 155*64cb1c8fSCassandra Targett of Adrien Grand from the office of Vice President, Apache 156*64cb1c8fSCassandra Targett Lucene, and 157*64cb1c8fSCassandra Targett 158*64cb1c8fSCassandra Targett WHEREAS, the Project Management Committee of the Apache Lucene 159*64cb1c8fSCassandra Targett project has chosen by vote to recommend <new Chair> (<apache id>) 160*64cb1c8fSCassandra Targett as the successor to the post; 161*64cb1c8fSCassandra Targett 162*64cb1c8fSCassandra Targett NOW, THEREFORE, BE IT RESOLVED, that <old Chair> is relieved 163*64cb1c8fSCassandra Targett and discharged from the duties and responsibilities of the office 164*64cb1c8fSCassandra Targett of Vice President, Apache Lucene, and 165*64cb1c8fSCassandra Targett 166*64cb1c8fSCassandra Targett BE IT FURTHER RESOLVED, that <new Chair> be and hereby is 167*64cb1c8fSCassandra Targett appointed to the office of Vice President, Apache Lucene, to serve 168*64cb1c8fSCassandra Targett in accordance with and subject to the direction of the Board of 169*64cb1c8fSCassandra Targett Directors and the Bylaws of the Foundation until death, 170*64cb1c8fSCassandra Targett resignation, retirement, removal or disqualification, or until a 171*64cb1c8fSCassandra Targett successor is appointed. 172*64cb1c8fSCassandra Targett 173*64cb1c8fSCassandra Targett Thread: <link to vote thread> 174*64cb1c8fSCassandra Targett---- 175*64cb1c8fSCassandra Targett 176*64cb1c8fSCassandra TargettThe Board will vote to adopt the resolution in their next meeting. 177*64cb1c8fSCassandra Targett 178*64cb1c8fSCassandra TargettThank you for being Chair! 179