Copyright 2017 OpenStack Foundation This work is licensed under a Creative Commons Attribution 3.0 Unported License. http://creativecommons.org/licenses/by/3.0/legalcode
Gerrit ContactStore Removal¶
The time has come to stop relying on the ContactStore implementation in Gerrit to limit code contributions to Foundation Individual Members.
According to the Bylaws of the OpenStack Foundation Appendix 4 Technical Committee Member Policy §3.b along with the OpenStack Technical Committee Charter definitions for APC and ATC, we limit the voter rolls for technical elections to Foundation Individual Members. In order to comply with this requirement, we currently require all contributors to CLA-enforced Git repositories to submit contact info to the Gerrit contact store which in turn pings a simple API in the foundation member system to confirm the preferred E-mail address in Gerrit matches the primary E-mail address of an existing OpenStack Foundation Individual Member.
This has a number of drawbacks:
It forces contributors to join the OpenStack Foundation even if they have no interest in voting in technical elections or participating in other member benefits.
Our interpretation of the meaning of contributor for these purposes has been unnaturally limited to change owners in Gerrit, in part because commit authors and co-authors aren’t constrained by the contact store process and so might not be members; manual listing as extra ATCs in the
governancerepo has been the sole workaround, and requires cumbersome manual verification of foundation membership for each addition.
The model is inherently flawed since it’s been possible for a couple years now for a member to officially resign or allow their membership to lapse, but contact store submission is only ever enforced once when the account is first set up and so we may be incorrectly allowing lapsed or resigned members to vote in technical elections.
The implementation is brittle and process confusing, resulting in opaque errors which often confound new contributors and overall inhibit onboarding.
Because the protocol only submits a single E-mail address and backend implementation in the current member system only queries against a single address field, it unnecessarily causes users to have the same primary/preferred address in both systems (at least initially).
Gerrit has removed contact store functionality upstream after 2.11, and we’d like to be able to upgrade to a newer Gerrit release.
Very recently the OpenStackID Resources system has introduced a member directory API which is public and anonymous. Integrating this into the change owners script we use for generating electoral rolls will allow us to expressly filter out non-member contributors.
Side effect benefits include:
it can help further identify duplicate contributors where there may be multiple E-mail addresses in the member system for a single membership, yet corresponding to multiple accounts in Gerrit with those different addresses
it will also properly limit voting rights for extra ATCs who have not joined the foundation, eliminating any need for the current cumbersome vetting process
it would even enable us (should we choose) to more easily expand the interpreted definition of ATC to include a variety of other types of verifiable contribution tied to a known E-mail address including commit authors and co-authors
We could live with the terrible terribleness, continue to hold easily disputed elections, scare away new contributors and run an outdated Gerrit. Not much of an alternative if you ask me.
- Primary assignee:
Use Gerrit topic “gerrit-contactstore-removal” for all patches related to this spec.
git-review -t gerrit-contactstore-removal
owners.pyto use the new member directory API.
Notify election officials of the change in behavior.
Remove the contact store implementation from Gerrit configuration templates and manifests in
Update the account setup steps documented in the
infra-manualrepo to indicate that foundation membership is optional (but encouraged).
Notify the developer community at large by posting an announcement of the new contributor onboarding behavior change/simplification.
Make sure the Upstream Institute volunteers are aware so they can update their training materials accordingly.
No new git repositories need to be created.
No new servers need to be created. The
review-dev.openstack.org servers will have configuration changes
via Puppet and need
gerrit service restarts for this to take
effect. The necessary outage will be brief, so a restart at a
reasonably convenient time for the community should not require
advance notification nor planning.
No DNS entries need to be created or updated.
As mentioned in the Work Items section, the Infra Manual will require updates to reflect the new onboarding workflow.
This does not introduce any additional known security risks, and there are no identified security-related considerations which need discussing.
Manual testing of the
owners.py script change should be
performed against official contributor data, comparing output
between runs of the old and new versions for any unintended changes
There are no other specs, libraries or new Puppet modules on which this specification depends.