maintainers: document expectations (#250344)

* maintainers: document expectations

Motivated by https://discourse.nixos.org/t/where-did-you-get-stuck-in-the-nix-ecosystem-tell-me-your-story

Address the uncertainty around maintainers by defining what it
means, what are the expectations and power you get.

* change the wording to be a bit more lax on losing maintainer status

* clarify how removal happens

* expand the reasoning a bit more

* Update maintainers/README.md

Co-authored-by: 7c6f434c <7c6f434c@mail.ru>

* Update maintainers/README.md

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>

* Update maintainers/README.md

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>

* Update maintainers/README.md

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>

* Update maintainers/README.md

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>

* Update maintainers/README.md

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>

* Update maintainers/README.md

Co-authored-by: Frederik Rietdijk <freddyrietdijk@fridh.nl>

---------

Co-authored-by: 7c6f434c <7c6f434c@mail.ru>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Frederik Rietdijk <freddyrietdijk@fridh.nl>

+58 -5
+58 -5
maintainers/README.md
··· 1 1 # Nixpkgs Maintainers 2 2 3 - The *Nixpkgs maintainers* are people who have assigned themselves to 4 - maintain specific individual packages. We encourage people who care 5 - about a package to assign themselves as a maintainer. When a pull 6 - request is made against a package, OfBorg will notify the appropriate 7 - maintainer(s). 3 + Unlike other packaging ecosystems, the maintainer doesn't have exclusive 4 + control over the packages and modules they maintain. This more fluid approach 5 + is one reason why we scale to so many packages. 6 + 7 + ## Definition and role of the maintainer 8 + 9 + The main responsibility of a maintainer is to keep the packages they maintain 10 + in a functioning state, and keep up with updates. In order to do that, they 11 + are empowered to make decisions over the packages they maintain. 12 + 13 + That being said, the maintainer is not alone proposing changes to the 14 + packages. Anybody (both bots and humans) can send PRs to bump or tweak the 15 + package. 16 + 17 + We also allow other non-maintainer committers to merge changes to the package, 18 + provided enough time and priority has been given to the maintainer. 19 + 20 + For most packages, we expect committers to wait at least a week before merging 21 + changes not endorsed by a package maintainer (which may be themselves). This should leave enough time 22 + for the maintainers to provide feedback. 23 + 24 + For critical packages, this convention needs to be negotiated with the 25 + maintainer. A critical package is one that causes mass-rebuild, or where an 26 + author is listed in the [`CODEOWNERS`](../.github/CODEOWNERS) file. 27 + 28 + In case of critical security updates, the [security team](https://nixos.org/community/teams/security) might override these 29 + heuristics in order to get the fixes in as fast as possible. 30 + 31 + In case of conflict, the maintainer takes priority and is allowed to revert 32 + the changes. This can happen for example if the maintainer was on holiday. 33 + 34 + ### How to become a maintainer 35 + 36 + We encourage people who care about a package to assign themselves as a 37 + maintainer. Commit access to the Nixpkgs repository is not required for that. 38 + 39 + In order to do so, add yourself to the 40 + [`maintainer-list.nix`](./maintainer-list.nix), and then to the desired 41 + package's `meta.maintainers` list, and send a PR with the changes. 42 + 43 + ### How to lose maintainer status 44 + 45 + Maintainers who have become inactive on a given package can be removed. This 46 + helps us keep an accurate view of the state of maintenance in Nixpkgs. 47 + 48 + The inactivity measure is currently not strictly enforced. We would typically 49 + look at it if we notice that the author hasn't reacted to package-related 50 + notifications for more than 3 months. 51 + 52 + Removing the maintainer happens by making a PR on the package, adding that 53 + person as a reviewer, and then waiting a week for a reaction. 54 + 55 + The maintainer is welcome to come back at any time. 56 + 57 + ### Tools for maintainers 58 + 59 + When a pull request is made against a package, OfBorg will notify the 60 + appropriate maintainer(s). 8 61 9 62 ## Reviewing contributions 10 63