The initial requirements for joining the project are:
membership in another savannah project.
a mandate from the project to represent the project.
a published OpenPGP key on a user page on savannah.gnu.org, preferably signed by other members of the project
OpenPGP keys must have an expiration date of no more than 10 years.
members receive an OpenPGP signature with a project OpenPGP key.
Goals of the project
The goals of the project can be amended with a simple majority.
The goals of the project are:
to operate a CA for code signing in a democratic community process.
to establish or document standards for code documentation, code review, code conventions, and codes of conduct for open source programmers, projects and communities.
to establish and maintain a democratic process that allows any project [1] with vested interest to participate.
to establish and maintain an administrative hierarchy [2] to implement the policies decided by the project community.
to act as a reliable non-profit CA with a well documented and public process for certification and certificate revocation.
to maintain a database of policy complaints so that anybody can file complaints or notices about registered entities concerning an entity's adherence to published ethics.
to develop and maintain software for the operation of this process.
to develop and maintain software for code signing and delivery that makes it possible to verify the code review a program was subjected to and to learn the background of entities that claim to have performed the review.
to collect, write and (re-)publish CERT Advisories about software certified by the CA.
[1] Currently the requirements under Membership define what a vested interest is.
[2] e.g. the right to establish second level CAs cannot be given to just any project member. A project member needs to qualify as a CA administrator and as a reliable member of the community.
Voting process
Every member can ask for a voting by all other members.
For every voting a subdirectory following the pattern webcvs:/voting/<year YYYY>/<topic> is created.
The voting document is the index.html file of that directory.
Other standard file names should be draft.html for comments prior to the voting and comments.html for comments during and after the voting, at which time the index.html and draft.html documents SHOULD NOT be changed anymore.
The voting document MUST specify a list of issues and acceptable answers as multiple choice.
Choices that are more specific variants of other choices SHOULD be specified as dot separated hierarchies, e.g. create_ca.OpenPGP, where the issue is the creation of a CA and a secondary choice is whether it should be an OpenPGP CA.
States of a voting are: discuss, open, closed, permanent
Every voting MUST be announced as discuss on the mailing list and remain in discussion for at least one week.
A voting under discussion may be edited by anybody to make amendments.
Major changes SHOULD be discussed on the discussion mailing list or presented on a draft.html page in the same directory (similar in purpose to a Wikipedia talk page).
Changes to the voting document and draft page MAY be announced through CVS only.
Every voting MUST be announced as open on the mailing list and remain open for the duration stated in the voting description.
Every vote MUST address all issues offered by a voting document in the format <issue>=<choice> on separate lines and must be signed with the published OpenPGP key of the project member. The vote is to be interpreted case-sensitively.
A more specific form can be <issue>.<point>=<general choice>.<specific choice>, with any number of hierarchies.
e.g.: "create_ca=yes" (general), "create_ca.OpenPGP=no.yes" (more specific); the latter means the voter is against the creation of the CA if it's not an OpenPGP CA.
Every vote MUST be stored in an independent file in the votes/ subdirectory of the voting directory with the user name of the eligible voter as the filename, e.g. webcvs:/voting/2006/software/votes/bob
Eligible voters are only project members that have been project members at the date a voting was created.
A voting may become permanent if a continual survey appears desirable.
To become effective this MUST be a question in the voting document and must be supported by a majority of the given votes when the voting would otherwise be closed.
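The <issue>=<choice> vote format described above can be checked mechanically before a vote is counted. The following is an added example, not software from the project: the `acceptable` mapping standing in for the voting document's issue list, the rule of one choice segment per key segment, and all sample values are assumptions, and the OpenPGP signature is assumed to have been verified beforehand.

```python
class VoteError(ValueError):
    """Raised when a vote body does not satisfy the voting rules."""

# Constructed sample: dotted path -> acceptable choices at that level.
ACCEPTABLE = {
    "create_ca": {"yes", "no"},
    "create_ca.OpenPGP": {"yes", "no"},
    "permanent": {"yes", "no"},
}
# Constructed sample vote body (the signed text, signature already checked).
SAMPLE = "create_ca.OpenPGP=no.yes\npermanent=no\n"

def parse_vote(body, acceptable):
    """Return {issue: [(path, choice), ...]} or raise VoteError."""
    result = {}
    for lineno, line in enumerate(body.splitlines(), 1):
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise VoteError(f"line {lineno}: expected <issue>=<choice>")
        path, choices = key.split("."), value.split(".")
        # Assumed reading: every key level carries exactly one choice.
        if len(path) != len(choices):
            raise VoteError(f"line {lineno}: key/choice depth mismatch")
        if path[0] in result:
            raise VoteError(f"line {lineno}: {path[0]!r} answered twice")
        levels = []
        for depth, choice in enumerate(choices, 1):
            node = ".".join(path[:depth])
            # Exact, case-sensitive match; no trimming or case folding.
            if choice not in acceptable.get(node, ()):
                raise VoteError(f"line {lineno}: {choice!r} invalid for {node!r}")
            levels.append((node, choice))
        result[path[0]] = levels
    # Every top-level issue of the voting document must be addressed.
    missing = {k for k in acceptable if "." not in k} - result.keys()
    if missing:
        raise VoteError(f"unaddressed issues: {sorted(missing)}")
    return result

if __name__ == "__main__":
    print(parse_vote(SAMPLE, ACCEPTABLE))
```

Rejecting a vote outright on any malformed line, rather than counting the lines that do parse, keeps a signed file from being tallied differently by two readers.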
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
$Id: process.html,v 1.6 2006/07/22 15:55:28 fasten Exp $