RFC 8875




Internet Engineering Task Force (IETF)                         A. Cooper
Request for Comments: 8875                                         Cisco
Category: Informational                                       P. Hoffman
ISSN: 2070-1721                                                    ICANN
                                                             August 2020


                  Working Group GitHub Administration

Abstract



   The use of GitHub in IETF working group processes is increasing.
   This document describes uses and conventions for working groups that
   are considering starting to use GitHub.  It does not mandate any
   processes and does not require changes to the processes used by
   current and future working groups not using GitHub.

Status of This Memo



   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8875.

Copyright Notice



   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents



   1.  Introduction
   2.  Administrative Process and Conventions
     2.1.  Creation of GitHub Organizations
     2.2.  Migration of an Existing Organization
     2.3.  Personnel Changes
     2.4.  Working Group Closing
     2.5.  Creation of Document Repository
     2.6.  Listing Related Repositories
   3.  Working Group Process
     3.1.  Contributions
     3.2.  Backing Up and Archiving GitHub Content
   4.  Security Considerations
   5.  IANA Considerations
   6.  Informative References

   Authors' Addresses



1.  Introduction



   Many IETF working groups and participants make use of GitHub in
   different ways as part of their work on IETF documents.  Some others
   are interested in having their working groups use GitHub to
   facilitate the development of working group documents, but they are
   unfamiliar with how to get started or unclear about which conventions
   to follow.  Some other working groups use or plan to use other code-
   repository services such as GitLab and Bitbucket, which have
   different properties than GitHub.

   This document specifies a set of administrative processes and
   conventions for IETF working groups to use if they choose as a
   working group to use GitHub to facilitate their work.  The
   specifications in this document are not directed at working groups or
   individuals that are already using GitHub to do IETF work.  Practices
   vary among existing working groups, and some of them are not
   consistent with the conventions proposed here: that is fine.  The
   goal of the specifications in this document is not to require
   uniformity in current practice, but to help working groups get
   started using GitHub in a reviewed and validated way, if desired.

2.  Administrative Process and Conventions



   This section specifies an administrative process and conventions to
   support the creation and management of GitHub organizations for
   working groups and single-document repositories in a uniform way.
   The steps may be done manually by the IETF Secretariat, or they may
   be automated.  See <https://github.com/richsalz/ietf-gh-scripts> and
   <https://github.com/martinthomson/i-d-template> for working examples
   of automation that is in use in some working groups.

   In this document the question of whether processes should be manual
   or automated is deliberately left unspecified, since these are
   implementation details that the IETF Secretariat and Tools Team will
   address.

   Most of the conventions below are drawn from [RFC8874].

2.1.  Creation of GitHub Organizations



   This document specifies that there be a facility in the IETF
   Datatracker (<https://datatracker.ietf.org/>) interface to allow an
   area director (AD) or working group chair to request the creation of
   a GitHub organization for a particular working group.  Ideally, this
   facility would appear both as part of the working group chartering UI
   and the working group page UI.

   When an area director or working group chair makes a request to
   create a GitHub organization, the following process would be
   initiated:

   1.  Create a GitHub organization for the working group.

   2.  Name the organization in the format ietf-wg-<wgname>...

   3.  Initialize the organization by designating the IETF Secretariat
       and the area directors in the working group's area as owners.  If
       the responsible AD for the working group is from another area,
       that AD will be an owner as well.

   4.  Initialize the organization with a team that has administrator
       access.  This team will consist of the working group chairs and
       working group secretary, if one exists.

   After the organization is created, the URL for the organization would
   be added to the working group's page in the Datatracker.

   Steps 3 and 4 above imply that the GitHub identities of the
   organization owners and administrators are known.  Recording GitHub
   identities in the Datatracker (see
   <https://trac.tools.ietf.org/tools/ietfdb/ticket/2548>) would
   facilitate this.  The person requesting the organization would need
   to be notified if the GitHub identities of any of the people meant to
   be owners or administrators were not available.

2.2.  Migration of an Existing Organization



   If a working group already has an organization, it would be useful to
   be able to make it have the same management as one would get by going
   through the steps in Section 2.1.  That is, it would be good to be
   able to run Steps 3 and 4 from Section 2.1 so that the rest of the
   activities in this section, such as personnel changes, work the same
   way as for organizations that were created as specified herein.

2.3.  Personnel Changes



   When there are personnel changes in the area or the working group,
   those changes would be reflected in the GitHub organization.  There
   should be an ability in the Datatracker to specify that personnel
   changes have occurred.

2.4.  Working Group Closing



   When a working group is closed, the team with administrative access
   would be removed, and the owner list would be returned to the
   Secretariat and current ADs at the time of closing.  The organization
   summary and the repositories within the organization would be updated
   to indicate that they are no longer under development.  Later, the
   owner list could become just the Secretariat, or it might include
   others chosen by the Secretariat or the IESG.

2.5.  Creation of Document Repository



   There are many different scenarios and configurations where it might
   be useful to have automation or established administrative
   conventions for repositories within WG organizations, such as:

   *  Creating a new repository for an individual draft (at the
      discretion of the WG chair);

   *  Creating a new repository for an already adopted working group
      draft;

   *  Migrating an existing document repository into the WG
      organization; and

   *  Creating a new repository that contains multiple drafts.

   As an incremental step, this document specifies that there be a
   facility in the Datatracker interface to allow an administrator of an
   ietf-wg-<wgname> organization to request the creation of a new
   repository within that organization for a single document.  The
   document authors would be identified as collaborators.  The
   repository name would be the draft name.  Ideally, the repository
   would be configured with a skeleton draft file, default CONTRIBUTING,
   LICENSE, and README files, and continuous integration support, in the
   vein of <https://github.com/martinthomson/i-d-template>.  Performing
   this step would automatically inform the IETF Secretariat that this
   repository should be backed up as described in Section 3.2.

2.6.  Listing Related Repositories



   The IETF Datatracker should allow users to add links to repositories
   (for GitHub and other repository services) on working group,
   document, and user pages.  At the time of this writing, this feature
   was under development.

3.  Working Group Process



   [RFC8874] contains discussion of the different possible ways that a
   working group can use GitHub and the large number of decisions
   associated with doing so.  This section specifies a basic set of
   administrative policies for working groups to follow and the
   administrative support needed to carry out those policies.

3.1.  Contributions



   At a minimum, every repository created in a working group
   organization needs to incorporate into its CONTRIBUTING file the
   boilerplate text at <https://trustee.ietf.org/license-for-open-
   source-repositories.html> from the IETF license file for open-source
   repositories.  The CONTRIBUTING file can contain other information as
   well (see <https://github.com/ietf/repo-files/tree/master/
   contributing-samples> for examples).

   It would be useful if the user data in the Datatracker could list (at
   a minimum) the GitHub account of the user so that their contributions
   could be tracked more easily.

   Some working groups choose to have more than one draft in a
   repository, particularly for drafts that are tightly linked with
   significant cross-references.  In such a case, the README for the
   repository needs to say so clearly, so that a participant understands
   that changes might be made to multiple drafts at once.

3.2.  Backing Up and Archiving GitHub Content



   IETF working group mailing lists are automatically backed up by the
   IETF Secretariat, and the archives are publicly available.  All
   official interactions in a WG must be archived.

   Working group GitHub content also needs to be backed up and publicly
   archived.  This document specifies using the Git protocol
   [git-protocol] itself for both of these tasks.

   Every IETF working group repository on GitHub will have a mirror
   repository of the same name on a server maintained by the IETF
   Secretariat.  Every hour, a service will use the "git fetch" command
   on every GitHub repository that is being tracked.  The mirror
   repository will allow anyone to read the repository.

   Note that this system will not back up GitHub issues or pull
   requests.  These should be backed up as well; the GitHub API allows
   for this.  The IETF Secretariat should back up those at the same time
   as it is backing up the GitHub repositories.

   The steps in Section 2.5 inform the IETF Secretariat which
   repositories should be backed up.  Working group chairs and area
   directors should also be able to request that the IETF Secretariat
   back up additional repositories that are related to IETF working
   groups.

4.  Security Considerations



   An attacker who can change the contents of Internet-Drafts,
   particularly late in a working group's process, can possibly cause
   unnoticed changes in protocols that are eventually adopted.

   There is a risk of data loss due to centralization of data in one
   service.  This is recognized and mitigated by the plan described in
   Section 3.2.

5.  IANA Considerations



   This document has no IANA actions.

6.  Informative References



   [git-protocol]
              Chacon, S. and B. Straub, "Git on the Server - The
              Protocols", in Pro Git, 2014, <https://git-
              scm.com/book/en/v2/Git-on-the-Server-The-Protocols#The-
              Git-Protocol>.

   [RFC8874]  Thomson, M. and B. Stark, "Working Group GitHub Usage
              Guidance", RFC 8874, DOI 10.17487/RFC8874, August 2020,
              <https://www.rfc-editor.org/info/rfc8874>.

Authors' Addresses



   Alissa Cooper
   Cisco

   Email: alcoop@cisco.com


   Paul Hoffman
   ICANN

   Email: paul.hoffman@icann.org