| 12 | |
| 13 | == Definitions == |
| 14 | |
| 15 | Before moving on to the specifics, we need to define a few terms we're using: |
| 16 | |
| 17 | * A '''Contributor''' is a person who does at least one of the following: |
| 18 | * Submits patches to library code, documentation, build systems, tests, and anything materially tangible that's considered part of a library project (logos, websites, blog entries, etc.). |
| 19 | * Reports issues with the library, which means she has used it in a given context; this is considered a testing contribution. |
| 20 | * Merges patches into a library on his personal branch/fork of the library and runs tests locally on his system. |
| 21 | * Runs regression tests for a particular Boost distribution (see distribution below). |
| 22 | * Shepherds contributions from other sources into the main library. |
| 23 | * Donates money or resources to making sure that the library effort continues. |
| 24 | * A '''Distribution''' is a collection of reviewed and accepted libraries. There can be many different types of distributions, some of which are listed below: |
| 25 | * Theme-based distributions (Metaprogramming, Algorithms, Containers, etc.) |
| 26 | * Layer-based distributions (Core, Utilities, Extensions) |
| 27 | * Maturity-based distributions (Stable, Unstable, etc.) |
| 28 | * A '''Release Manager''' is a person who: |
| 29 | * Pulls together published versions of the libraries in the distribution that she manages. |
| 30 | * Coordinates the efforts of contributors for libraries that are part of the distribution to get a given release tested, packaged, and distributed for general availability. |
| 31 | * Signs off (literally, with his GPG Key, see "Web of Trust" below) on all changes merged into a release. |
| 32 | * The '''Web of Trust''' system relies on: |
| 33 | * Contributors who have signed GPG keys and publicly available public keys, and who sign all their contributions as well as those they shepherd into their own branch/fork. |
| 34 | * Library Maintainers who have their signed GPG keys and publicly available public keys, and who pull in contributions from contributors and sign off on all their changes as well. |
| 35 | * Release Managers who have their signed GPG keys and publicly available public keys who sign all the changes they pull in and all the tags they define for releases. |
| 36 | * The web of trust signifies: |
| 37 | * If a Contributor's GPG key is signed by a library maintainer, then that contributor is eligible to become a library maintainer. |
| 38 | * A Release Manager may choose to pull changes that are not library maintainer-signed in case a library maintainer is not active or not available. |
| 39 | * If a Release Manager chooses to sign a Contributor's key, that makes the Contributor eligible to maintain a library whose original library maintainer may be unavailable; in this situation, a Contributor is promoted to Library Maintainer through the trust system. |
| 40 | * If two or more Release Managers sign either a Contributor's or Library Maintainer's key, that makes that person eligible to become a release manager of the distribution or distributions that the signing release managers manage. |
| 41 | * It is preferred -- but not required -- that people sign keys only if they have met in person or can say with reasonable certainty that the person whose keys they're signing is actually someone they trust. It's suggested that BoostCon or local Boost User Group events be the venue where key exchanges and key signings happen. |
| 42 | * A Trusted Contributor, Trusted Library Maintainer, or Trusted Release Manager is a person who has at least two peers in the same or higher level (Contributor < Library Maintainer < Release Manager) signing with high trust levels. |
| 43 | * An '''Official Boost Release''' is an official release that is packaged and signed by a Trusted Release Manager. |
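The trust rules above can be checked mechanically once the key signatures are listed. The following is an added example, not part of the original proposal or of any Boost tooling: the names, the `high_trust` flag, and the reading of the release-manager rule as the union of the signers' distributions are assumptions, and it evaluates a list of key signatures rather than verifying GPG signatures itself.

```python
from enum import IntEnum
from typing import NamedTuple

class Level(IntEnum):  # ordering from the page: Contributor < Library Maintainer < Release Manager
    CONTRIBUTOR = 1
    LIBRARY_MAINTAINER = 2
    RELEASE_MANAGER = 3

class Sig(NamedTuple):
    signer: str
    signee: str
    high_trust: bool  # assumption: the key signature records a high trust level

# Constructed sample data, not real people or keys.
LEVELS = {"alice": Level.RELEASE_MANAGER, "bob": Level.RELEASE_MANAGER,
          "frank": Level.RELEASE_MANAGER, "carol": Level.LIBRARY_MAINTAINER,
          "dave": Level.CONTRIBUTOR, "erin": Level.CONTRIBUTOR}
MANAGES = {"alice": {"core"}, "bob": {"core", "stable"}, "frank": {"stable"}}
SIGS = [Sig("bob", "alice", True), Sig("frank", "alice", True),
        Sig("alice", "bob", True), Sig("carol", "bob", True),
        Sig("alice", "carol", True), Sig("bob", "carol", True),
        Sig("carol", "dave", False)]

def signers(person, high_only=False):
    """Distinct people (self-signatures excluded) who signed this person's key."""
    return {s.signer for s in SIGS if s.signee == person and s.signer != person
            and (s.high_trust or not high_only)}

def is_trusted(person):
    """At least two high-trust signatures from peers at the same or a higher level."""
    peers = {p for p in signers(person, high_only=True) if LEVELS[p] >= LEVELS[person]}
    return len(peers) >= 2

def eligible_maintainer(person):
    """A Contributor whose key a Library Maintainer or Release Manager has signed."""
    return (LEVELS[person] == Level.CONTRIBUTOR and
            any(LEVELS[p] >= Level.LIBRARY_MAINTAINER for p in signers(person)))

def eligible_release_manager_for(person):
    """Distributions managed by the signing Release Managers, if two or more signed."""
    if LEVELS[person] == Level.RELEASE_MANAGER:
        return set()
    rms = [p for p in signers(person) if LEVELS[p] == Level.RELEASE_MANAGER]
    return set().union(*(MANAGES[p] for p in rms)) if len(rms) >= 2 else set()

def is_official_release(tag_signer):
    """An Official Boost Release is signed by a Trusted Release Manager."""
    return LEVELS.get(tag_signer) == Level.RELEASE_MANAGER and is_trusted(tag_signer)
```

In the sample data, bob holds two high-trust signatures but one comes from a lower level, so a tag signed by bob is not an official release under these rules.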