Writing the first version of the Hostea governance

Membership should not be subject to people “patching” Hostea but also to people who discuss and are otherwise active without changing anything to what Hostea is, as a project.

Here is an idea for amending the rules: membership is gained by contributions of any kind. Access to exclusive resources is restricted to members that are the most active patches contributors.

I’m fine with the idea that the Hostea DNS is controlled by the most active people with the skillset that allow them to produce patches. Not just for code, it can be documentation, it can be modifications to the website since it is also in a repository. I’m less comfortable if that can also happen with a group of very talkative people who do not modify Hostea itself through patches. There are two reasons for that:

• Hostea is, at the core, a technical project and such a rule ensures that control remains in the hands of people who have at least the ability to improve the project with patches of some kind. Otherwise it could be entirely controlled by people who do not know or want to produce any patch to improve or fix Hostea.
• All exclusive resources require a minimum of discipline and technical know how. A DNS must be renewed and configured properly, the glue record must be set, domain transfer must occasionally happen, etc. It is likely that people who have the ability to produce patches on a regular basis also have the ability to properly care for these exclusive resources.

The following rule can be removed. Anyone can be a member of the collective.

• An individual or organization is a Hostea member if they contributed at least four patches in the past year

And the following rule:

• Members with access to an exclusive resource are listed publicly and share it with the most active (number of patches) members when asked to

can be modified to:

• Members trusted with the credentials of an exclusive resource are listed publicly and share it with the most active (number of patches) members when asked to

The modification of with access to an exclusive resource to trusted with the credentials of an exclusive resource is meant to clarify that this is only about sharing passwords, essentially. Not that some spaces are private, which would go against the idea of radical transparency.

Further discussions led to an improved suggestion:

The following rule can be removed. Anyone can be a member of the collective.

• An individual or organization is a Hostea member if they contributed at least four patches in the past year

And the following rule:

• Members with access to an exclusive resource are listed publicly and share it with the most active (number of patches) members when asked to

can be modified to:

• “Members decide who is trusted with the credentials to exclusive resources among the most active members who have a track record demonstrating their technical knowledge and discipline.”

It is best if granting access to credentials is a decision that goes through the usual decision process. But it is worth including a hard requirement that the criterion of (i) most active (ii) technically capable are met.

The rules have been modified accordingly.

It can be argued that Free Software is not just owned by a project’s developers but also by its community and Hostea, because of its selection of trusted members, doesn’t reflect this idea.

I am a little hesitant about handing out credentials to more people than what is strictly necessary to maintain infrastructure. But the selection process feels like a reasonable compromise between security and community ownership.

In the event that the community feels Hostea members with access to infrastructure are betraying the ideals of the organization, they are welcome to fork and start a parallel organization. To that end, I propose we continue the tradition of using Free Software exclusively and creating good documentation of the steps involved in setting up infrastructure.

I could not agree more. The primary motivation for me to work on infrastructure as code and document it as part of the Enough project is to address this particular use case. It is a lot of work for a very rare occurrence and I can understand why most Free Software project do so many things manually when it comes to their infrastructure. But it also is a reason why I’m hesitant to get involved in those other projects. If I was a discovering Hostea, I would like that my first impression is that the people who are the most active made sure forking the project is as simple and fast as humanly possible.