Hmm, as of right now I don’t really understand this as increased bureaucracy. I think of this as staging things out a bit and being much more explicit. Currently a technology has to get through FESCO review somehow. Right now having had a lot of quiet conversations, my sense is we probably have a bias against experimenting inside the bounds of the project.
With regard to FESCO, the process makes a space for FESCO to delegate this out.. but as governance is currently constructed FESCO has technical oversight authority and this proposal needs to be respectful of that. What I hope this does in practice is make fully integrating things far less contentious and actually drops the active work FESCO has to do. Something run through the sandbox and curated stages should ideally just be a ceremonial changeproposal process. The first project through probably wont be, but as we iterate on this.. that’s what I hope happens.
The sandbox is explicitly stood up so things can be unstable and broken…
Gather round technology enthusiasts, come look at the shiny broken sharp things that you can help polish up using your own blood and tears, into something great.
If Fedora as we know it( is in my mind at least) is the integrated stage in the process, then the integrated stage is leading edge, and sandbox explicitly is allowed to bleed. Since we currently do not have a legal requirement that mandates secure outputs or stable outputs, these are quality concerns that must be addressed at some point because they are expected from fully integrated technologies. But do we need them addressed in the first gate? I don’t think so. They should be identified as concerns and addressed before integration.
Curated is where we figure out how to address deficiencies with some focus. If quality is a concern, what I hope we can figure out how to do is offer the QA team to teach the group of people pushing the technology on how to write and integrate testing. What I do not want to do is overwhelm the existing QA team by asking them to taking on more work. We need to move to self-service of quality…which may mean using our experts to mentor people during the curated phase and expand the sphere of knowledge about how to use the QA testing infra we have to self-service in a sustainable manner.
I would place security as a technical maturity issue. If on exit review from the sandbox the security isn’t sufficient its a technical maturity deficiency that needs to be addressed in curation assuming other aspects are in good shape. Again this is a straw proposal, if security is a big enough issue to have it as a 4th aspect on its own… sure. maybe. The point is entry in to curation needs to show the technology is mostly there towards being integratable. And we need to be able to identify supplemental resources in curation that can help mentor the people championing a technology over the line.
How do we prevent burn out now? How do we assess if infrastructure is sustainable now? You’re talking about systemic problems that is probably already happening. This process should make things much much more explicit about what the expected level of volunteer best effort is sustainable and which new services are too critical to be treated in a best effort fashion.
We have to start being honest with ourselves about when things fall below sustainable levels, and we have to be explicit about the options we’ve agreed to about when that happens. If we are already in a resource deficit for things we maintain and consider critical, that’s a problem on its own. But what I’m very sure of is we can’t just keep adding more and more things without setting some expectations about sustainability. We prevent burn out by being explicit about what we think is sustainable and what is not. We give permission to our future selves stop doing things when they aren’t sustainable any longer by setting some explicit criteria that latch on a review process some time in the future.
That’s going to require discussion, which I want to hold off until the structure here has sufficient buy in. I expect criteria will be an evolving framework and will be context specific to each project. There is some measure of blast radius analysis. The bigger the blast radius, the higher the sustainability threshold is right?