Update governance (#2197)
* switch to as the maintainers
  mailing list
* use the CNCF code of conduct
* define antrea-io Github org membership and how to become a member
* clarify PR merging process

Signed-off-by: Antonin Bas <>
antoninbas authored May 28, 2021
1 parent 3560475 commit b6d7b61
39 changes: 33 additions & 6 deletions
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@

This document defines the project governance for Antrea.

This is a Work in Progress, documenting approximately how we plan to operate the

## Overview

**Antrea** is committed to building an open, inclusive, productive and
Expand Down Expand Up @@ -34,14 +31,34 @@ The Antrea community abides by this [code of conduct](
Anyone can contribute to the project (e.g. open a PR) as long as they follow the
guidelines in [](

Frequent contributors to the project can become members of the antrea-io Github
organization and receive write access to the repository. Write access is
required to trigger re-runs of workflows in [Github
Actions]( Becoming
a member of the antrea-io Github organization does not come with additional
responsibilities for the contributor, but simplifies the contributing
process. To become a member, you may [open an
and your membership needs to be approved by two maintainers: approval is
indicated by leaving a `+1` comment. If a contributor is not active for a
duration of 12 months (no contribution of any kind), they may be removed from
the antrea-io Github organization. In case of privilege abuse (members receive
write access to the organization), any maintainer can decide to disable write
access temporarily for the member. Within the next 2 weeks, the maintainer must
either restore the member's privileges, or remove the member from the
organization. The latter requires approval from at least one other maintainer,
which must be obtained publicly either on Github or Slack.

### Maintainers

The list of current maintainers can be found in

Maintainers have write access to the repository. While anyone can review a PR -
and is welcome to do so -, only maintainers can leave an approving review, which
will allow the PR to be merged.
While anyone can review a PR and is encouraged to do so, only maintainers are
allowed to merge the PR. To maintain velocity, only one maintainer's approval is
required to merge a given PR. In case of a disagreement between maintainers, a
vote should be called (on Github or Slack) and a simple majority is required in
order for the PR to be merged.

New maintainers must be nominated from contributors by an existing maintainer
and must be elected by a [supermajority](#supermajority) of the current
Expand All @@ -52,6 +69,16 @@ maintainers or can resign by notifying the maintainers.

A supermajority is defined as two-thirds of members in the group.

## Code of Conduct

The code of conduct is overseen by the Antrea project maintainers. Possible code
of conduct violations should be emailed to the project maintainers at

If the possible violation is against one of the project maintainers that member
will be recused from voting on the issue. Such issues must be escalated to the
appropriate CNCF contact, and CNCF may choose to intervene.

## Updating Governance

All substantive changes in Governance require a supermajority vote of the
6 changes: 3 additions & 3 deletions
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ The community adopted this security disclosure policy to ensure vulnerabilities

If you believe you have identified a vulnerability, please work with the Antrea maintainers to fix it and disclose the issue responsibly.
All security issues, confirmed or suspected, should be reported privately.
Please avoid using github issues, and instead report the vulnerability to
Please avoid using github issues, and instead report the vulnerability to

A vulnerability report should be filed if any of the following applies:

Expand All @@ -29,7 +29,7 @@ Provide a descriptive subject and include the following information in the body:
## Responding to a vulnerability

A coordinator is assigned to each reported security issue. The coordinator is a member from the Antrea maintainers team, and will drive the fix and disclosure process.
At the moment reports are received via email at
At the moment reports are received via email at
The first steps performed by the coordinator are to confirm the validity of the report and send an embargo reminder to all parties involved.
Antrea maintainers and issue reporters will review the issue for confirmation of impact and determination of affected components.

Expand Down Expand Up @@ -59,7 +59,7 @@ A fix is proposed as a patch to the current main branch, formatted with:
git format-patch --stdout HEAD~1 > path/to/local/file.patch

and then sent to
and then sent to

**Please don't push the patch to the Antrea fork on your github account!**

1 change: 0 additions & 1 deletion ci/clair-scan/notify.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,6 @@ const (

var Recipients = []string{

func isNeeded(stats *reportStats, maxScore int, newStats *reportStats) bool {
1 change: 1 addition & 0 deletions docs/contributors/
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ The labels in this list originated within Kubernetes at
| area/flow-visibility/aggregation | Issues or PRs related to flow aggregation | Any |
| area/flow-visibility/elk | Issues or PRs related to the reference ELK configuration for flow visualization | Any |
| area/flow-visibility/export | Issues or PRs related to the Flow Exporter functions in the Agent | Any |
| area/github-membership | Categorizes an issue as a membership request to join the antrea-io Github organization | Any |
| area/ipam | Issues or PRs related to IP address management (IPAM) | Any |
| area/interface | Issues or PRs related to network interfaces | Any |
| area/licensing | Issues or PRs related to Antrea licensing | Any |
0 comments on commit b6d7b61

Please sign in to comment.