Changes to new committer process guidelines

[Craig Russell <ap...@gmail.com>]

Hi,

There are a few changes I'd like to propose to the published guidelines here:
https://community.apache.org/newcommitter.html#new-committer-process

These changes will help to make the new committer process smoother as well as to avoid possible leakage of PII during the process.

There are two issues with the current process:

1. The newly elected committer (candidate) might already be a committer or might already have an ICLA on file. In these cases, the invitation to the committer needs to be different, and the response by both the PMC and candidate needs to be different.

2. Frequently, the new committer sends the ICLA (with PII) to the private list, thereby leaking the PII to the entire membership.

I'll follow up with a PR once the current PR to the same page has been processed, but basically I'd like to have the PMC investigate the status of the elected committer prior to inviting them:

If the candidate is already a committer on a project, ask them if they accept and the PMC will add them to the roster.

If the candidate already has an ICLA on file, ask them to reply and choose an available ID. If they accept, the PMC will then request the account creation.

If the PMC cannot find evidence of an existing committer or ICLA, ask the candidate to verify before replying. If they have not yet submitted an ICLA, ask them to send the ICLA only to the Secretary in a separate message, and include their requested ID and project on the form, not by cc: project.

These small changes help smooth the process and will be recommended best practice to all PMCs. It is especially important to avoid PII leakage which is a current focus of the Privacy VP.

Regards,
Craig

Craig L Russell
clr@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: privacy-discuss-unsubscribe@apache.org
For additional commands, e-mail: privacy-discuss-help@apache.org