Governance model for LibrePCB development

From @rnestler on Mon Sep 03 2018 21:15:47 GMT+0000 (UTC)

I would like to start a discussion about the governance model used for the development of LibrePCB. I’ll start with trying to describe the current model and propose some formalizations and changes for future development.

Current Situation (BDFL - model)

Currently @ubruhin does a great job at not only being the main developer of LibrePCB since more than 5 years, but also at administrating all the GitHub repositories, reviewing most of the MR, handling the issues and managing the LibrePCB website!
The LibrePCB Twitter account is managed by me and @dbrgn (which got me the unofficial title as “community manager” of LibrePCB by @ubruhin )
So most of the governance and administration is done by @ubruhin. This is partially because he is heavily invested in the project, but also partially because others don’t have access to actually do any of these tasks.
For example I noticed, that the librepcb.org website doesn’t properly support https (https://github.com/LibrePCB/LibrePCB.github.io/issues/17) but couldn’t fix it, because I didn’t have access.

Proposed Changes / Ideas

Keep @ubruhin as a BDFL (benevolent dictator for live) since he does an awesome job at running the project!
Define a core team which has access to the GitHub organization and repos (no merging, since nobody besides @ubruhin currently has enough knowledge of the codebase to decide that in my opinion), the server, the Twitter account and can do every administrative task. This can free up time for @ubruhin to actually develop the LibrePCB software.
This team should be able to share credentials for accessing the different accounts and servers and a good ways to communicate.
Of course members of the core team shouldn’t do stuff completely by their own without informing the rest of the core team (via the LibrePCB chat or other communication channels).

Concrete Changes / TODOs

• [ ] Shared access for DNS entry (See https://github.com/LibrePCB/LibrePCB.github.io/issues/17)
• [ ] Shared access to server for deployment
• [ ] Place to share credentials
• [ ] Place for communication (Separate Telegram channel? Selfhosted Mattermost?)
  
  Copied from original issue: https://github.com/LibrePCB/librepcb-rfcs/issues/27

From @ubruhin on Tue Sep 04 2018 18:35:56 GMT+0000 (UTC)

Generally I like the idea, but I also wonder if that would really help. Most of the open issues can be resolved without administrative access, there are only very few things which need administrative access. For me it’s OK to do all the administrative things, if I get help on the other issues

There is also some additional risk if many users have administrative access (which is not even needed most of the time). As an example, the Gentoo GitHub organization was hacked just a few months ago. Basically it would also be possible to give administrative access only temporary when it’s needed.