Lessons from Rust

matklad · May 1, 2024, 9:04am

In the light of NixOS Foundation board: Giving power to the community, it might be worth re-visiting the recent history of power transition in the Rust programming language community. The result of that transition is the following document:

github.com/rust-lang/rfcs

Add RFC on governance, establishing the Leadership Council

rust-lang:master ← rust-lang:main

opened 10:45PM - 22 Feb 23 UTC

sophiajt

+1498 -0

This RFC was jointly authored by @jntrnr (Core), @joshtriplett (Lang Team Lead),… @khionu (Moderation), @Mark-Simulacrum (Core Project Director, Release Lead), @rylev (Core Project Director), @technetos (Moderation), and @yaahc (Collaboration Project Director). Many thanks to all of the members of "leadership chat" and the wider Rust Project for their many first-pass reviews and feedback. This RFC establishes a Leadership Council as the successor of the core team. The Council delegates much of its authority to teams. > **Note**: This summary provides an overview of the RFC, but it is not authoritative. # Procedural information ## Discussions For discussion on this PR, please use [this dedicated Zulip stream](https://rust-lang.zulipchat.com/#narrow/stream/369838-rfc-leadership-council-feedback). ## Translations The authoritative version of this RFC is in English. However, to support widespread understanding of Rust's governance structure and policies, we've started the process of translating the proposed governance structure and policies into additional languages. Specifically, based on [Rust Survey data](https://blog.rust-lang.org/2022/02/15/Rust-Survey-2021.html) on the top languages for which survey respondents indicated non-English communication would be helpful, we will post (non-authoritative) translations into the following languages as soon as they're available: - [Chinese (Simplified)](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council/Leadership-Council-RFCzh-Hans.md) - [Chinese (Traditional)](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council/Leadership-Council-RFCzh-Hant.md) - [Japanese](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council/Leadership-Council-RFCja.md) - Korean (In Progress, see [this comment below](https://github.com/rust-lang/rfcs/pull/3392#issuecomment-1478820045)) - [Russian](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council/Leadership-Council-RFCru-RU.md) We'll link those translations from here when they're available. Please note that this does not necessarily mean we'll be prepared to handle comments in non-English languages. Any potential future translation decisions will be up to the Council, not this group. If you have feedback on these translations, please let us know, as input for future decisions about translations. ## Supplemental files This RFC includes supplemental text files. Please note the subdirectory [here](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council/). ----- # RFC Summary ## Motivation [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#motivation) Rust's structure delegates most decisions to the appropriate team. However, a great deal of work falls outside the purview of any established team. Historically, the core team both identified important work that fell outside of team purviews, and also attempted to do that work itself. However, putting both of those activities in the same team has not scaled and has led to burnout. The Leadership Council established by this RFC focuses on identifying and prioritizing work outside of team purviews. The Council primarily delegates that work, rather than doing that work itself. The Council can also serve as a coordination, organization, and accountability body between teams, such as for cross-team efforts, roadmaps, and the long-term success of the Project. This RFC also establishes mechanisms for oversight and accountability between the Council as a whole, individual Council members, the moderation team, the Project teams, and Project members. ## Duties, expectations, and constraints on the Council [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#duties-expectations-and-constraints-on-the-council) The Council indentifies, prioritizes, and tracks work that goes undone due to lack of clear ownership. It delegates this work to teams (which may be new or temporary). In some circumstances it can decide *urgent* matters without a clear owner. The Council also coordinates Project-wide changes to teams, structures, or processes, ensures top-level teams are accountable, and establishes official positions of the Rust Project. ## Structure of the Council [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#structure-of-the-council) The Council consists of a set of team [representatives](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#candidate-criteria), each representing one top-level team and its subteams. Each [top-level team](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#top-level-teams) designates a representative, by a process of their choice. Any member of the top-level team or any of its subteams is eligible. All teams in the Rust Project must ultimately fall under at least one top-level team. For teams that do not currently have a parent team, this RFC establishes the ["launching pad" team](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#the-launching-pad-top-level-team) as a temporary home. This ensures that all teams have representation on the Council. Representatives have [limited terms](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#term-limits). There are [limits on the number of representatives from an entity](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#limits-on-representatives-from-a-single-companyentity). Teams should [provide alternates in case of absence](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#alternates-and-forgoing-representation). ## The Council's decision-making process [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#the-councils-decision-making-process) The Council makes both [operational and policy decisions](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#operational-vs-policy-decisions). By default, the Council uses a [public consent decision-making process](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#the-consent-decision-making-process) for all decisions, where representatives are asked for their objections rather than explicit approval. The minimum [decision approval criteria](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#approval-criteria) requires a quorum, and requires time for representatives to have seen the proposal. Using the public policy process, the Council can establish [different decision-making processes for classes of decisions](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#modifying-and-tuning-the-decision-making-process). The Council's [agenda and backlog](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#agenda-and-backlog) are its primary interface for issues raised by Project members. All policy decisions should have [evaluation dates](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#feedback-and-evaluation). ## Transparency and oversight for decision making [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#transparency-and-oversight-for-decision-making) Different kinds of decisions made by the Leadership Council require varying levels of transparency and oversight. Some types of operational decisions can be made [internally by the Council](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#decisions-that-the-council-may-make-internally), allowing for feedback on the decision afterwards. Some decisions [must be made privately](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#decisions-that-the-council-must-necessarily-make-privately) because they involve private details of individuals or other entities, and making these details public would have a negative impact both on those individuals or entities (e.g. safety) and on the Project (eroding trust). [All other decisions must be made publicly](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#decisions-that-the-council-must-make-via-public-proposal) allowing for feedback on the decision beforehand. A Council representative must not take part in or influence a decision in which they have a [conflict of interest](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#conflicts-of-interest). The Council must approve [expansions of a top-level team's purview, and can adjust the purviews of top-level teams (other than the moderation team)](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#determining-and-changing-team-purviews). ## Mechanisms for oversight and accountability [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#mechanisms-for-oversight-and-accountability) The Council must [publicly ensure that the wider Project and community's expectations of the Council are consistently being met](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#ensuring-the-council-is-accountable). Council representatives [should participate in regular feedback](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#ensuring-council-representatives-are-accountable) with each other and with their respective top-level team to reflect on how well they are fulfilling their duties as representatives. The Council also serves as a means for [teams to jointly hold each other accountable, to one another and to the Project](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#ensuring-teams-are-accountable). ## Moderation, disagreements, and conflicts [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#moderation-disagreements-and-conflicts) Where possible, teams should attempt to resolve disagreements on their own, [with assistance from the Council as needed](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#disagreements-among-teams). Conflicts involving teams or Project members [should be brought to the moderation team](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#conflicts-involving-teams-or-project-members) as soon as possible. The moderation team must maintain a public list of ["contingent moderators"](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#contingent-moderators). Contingent moderators can work with the moderation team in an [audit process](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#audits) to establish whether the moderation team followed documented policies and procedures. Council members may initiate audits, but the Council never sees private moderation information. As an absolute last resort, either the Council or the moderation team [may choose to simultaneously dissolve both teams](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#last-resort-accountability). Teams then select new representatives, and the contigent moderators become the interim moderation team and select successors. In [moderation cases involving Project members](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#moderation-actions-involving-project-members), any party may request an audit. Moderation cases involving [Council representatives](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#conflicts-involving-council-representatives) or [moderation team members](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#conflicts-involving-moderation-team-members) have additional oversight and accountability measures. ## Ratification of this RFC [[full text]](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md#ratification-of-this-rfc) Since November of 2021 the following group has been acting as de-facto Project leadership: all members of the core team, all members of the moderation team, all Project representatives on the Rust Foundation board, and the leads of all the "top-level" teams: - Compiler - Crates.io - Dev tools - Infrastructure - Language - Library - Moderation (already included above) - Release This RFC will be ratified using the standard RFC process, with the approving team being all the members of this de facto leadership group. This group should also raise objections on behalf of other members of the Project; in particular, team leads should solicit feedback from their teams and subteams. [Rendered](https://github.com/rust-lang/rfc-leadership-council/blob/main/text/3392-leadership-council.md)

It is perhaps a worthwhile, if long, read for anyone interested in designing similar structures for NixOS.

Some notes from me:

Rust relies heavily on independent small autonomous teams with authority. In my reading, this is very different from Nix, where there are teams, but they generally don’t have a lot of power to just go and do things. While Rust builds consensus within a team, nix builds community-wide consensus.
Teams were the seed for constitutional assembly. Semi-arbitrary, the leads of top-level teams were designated as such.
The benefit there was legitimacy: given that Rust is a federation of teams, everyone felt its fair if all teamleads together decide what to do next.
The drawback was that the result group of people turned out to be pretty large, and not really focused on solving governance issues. As a result, it took more than a year and a second crisis to go from “we have constitutional assembly” to “we have a proposal for governance”

schuelermine · May 1, 2024, 3:13pm

From what I’ve heard, grievances about leadership were not foreign to the Rust project, even after this RFC.

Aleksanaa · May 1, 2024, 6:08pm

Good thing is that Rust isn’t dying, obviously

ron · May 2, 2024, 4:57am

Thanks for sharing this! It’s quite similar to one of the models I’ve read into quite a bit.
I also believe that this format allows the community to keep scaling sustainably as long as those teams and leads are sufficiently empowered to act/take action and unblock.

matklad · May 2, 2024, 8:28am

Another interesting property is resilience: while the top-level structure of Rust governance was historically quiet unstable and not always functioning satisfactory (hence the abovelinked overhaul), the underlying engineering was steadily moving forward, thanks to the fact that each team can successfully execute autonomously.

One specific reason for this resilience is that formal power to decide is separated from actual power to change things. All private keys, passwords, etc are owned by the infra team, which manages various accesses, but doesn’t itself decide who needs to access what.

amjoseph · May 2, 2024, 11:14am

I don’t want to wade into this, but there are important differences between Rust and nixpkgs:

Rust has clearly defined interfaces between teams which change slowly if at all.
- the language specification is mostly a matter of spelling things out.
- nixpkgs doesn’t even have type declarations for things like stdenv, let alone any sort of specification or hope for one. I’m not sure it really could.
Rust’s teams can do most of their work while “staying in their own lane”.
- There is no reason for somebody working on cargo to need to change the borrow checker.
- The people who keep darwin and riscv/mips/ppc working need the ability to touch every package.[^1]
There is a clear upstream/downstream relationship between all four technical teams.
- language < compiler < libraries < devtools
  - maybe a weak back-edge from a few libraries to the compiler.
- nixpkgs is a big huge fixpoint – a source of both pain and power.

You could adopt a Rust model making nixpkgs one monolithic team, but since 99% of the community spends 99% of their time working on nixpkgs this doesn’t really move the needle.

[1]: I’d like to acknowledge @reckenrode as a great example of somebody who does this respectfully and carefully, avoids creating maintenance externalities, and makes sure he understands things before changing them. (I don’t think that providing counterexamples would be helpful so I won’t do that).

samrose · May 2, 2024, 11:21am

@amjoseph I agree with your assessment fwiw. I do think it will help this community to look at and discuss other models. But I don’t think we should try to just adopt those other models. I think we’d be better off having the model for nixpkgs rationalized and structured by the people doing the work in nixpkgs, Nixos, and Nix, who will need to live with the outcome.

matklad · May 2, 2024, 11:50am

I’d say this is the smaller difference. The bigger difference is that Rust teams were always there, and the governance structure is grown around teams, rather then the teams being sprung into existence through change in governance.

There’s a very strong path-dependency, as teams are self-selected. That is, the current set of people on the teams was picked by the previous set of people on the teams. I don’t think it’s easy to create cohesive teams by fiat.

My interpretation is that, while there is, e.g., a nix team right now, it had a troubled start (it is the second nix team), and doesn’t quiet execute with full efficiency yet (the flakes issue is not resolved one way or another)