bascule-oss/GOVERNANCE.md
Tyler King 4aa7e9d816 docs: DCO, NOTICE, and governance framework
DCO (Developer Certificate of Origin):
  Standard DCO 1.1 (Linux kernel, CNCF, Kubernetes standard)
  Contributors retain copyright — no rights assignment

NOTICE:
  Copyright attribution (Guildhouse LLC)
  Contributors retain copyright, own their implementations
  SessionHandler/AuthProvider as public API boundary
  Tribal jurisdiction for voluntary dispute resolution

GOVERNANCE.md:
  Project governance model and decision making
  IP framework: Guildhouse brand vs contributor code vs shared Apache 2.0
  SessionHandler trait IS the product boundary
  Tribal dispute resolution: voluntary, technically informed
  Tribal partnership mission

CI:
  DCO sign-off check on pull requests
  Existing commits on main exempt

README + CONTRIBUTING:
  Governance section, DCO instructions, corporate guidance

Signed-off-by: Tyler King <tking@guildhouse.dev>
2026-04-05 11:13:20 -04:00


# Bascule Project Governance
## Maintainers
Bascule is maintained by [Guildhouse LLC](https://guildhouse.dev).

**Lead maintainer:** Tyler King
## Decision Making
Technical decisions are made by the maintainers with input from the
community via GitHub Issues and Pull Requests.

Major architectural decisions (new backends, new auth providers, trait
changes) are discussed in Issues before implementation.
## Contributions
Contributions are accepted under the [Developer Certificate of Origin](DCO)
(DCO). All commits must include a `Signed-off-by` line:
```bash
git commit -s -m "feat: my contribution"
```
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup and guidelines.
## Intellectual Property
### What Guildhouse owns
- The Bascule name, logo, and brand
- The proprietary governance stack (GSAP protocol, SAT attestation,
HFL host functions, Chronicle audit, DEFCON posture system)
- These components are NOT part of bascule-oss and are maintained
in separate repositories under separate licenses
### What contributors own
- Copyright to their own contributions (DCO does NOT assign copyright)
- Any implementation of the `SessionHandler` or `AuthProvider` traits
- Any product, service, or extension built using bascule-core as a library
### What's shared (Apache 2.0)
- All code in this repository
- The `SessionHandler` and `AuthProvider` trait definitions
- The SSH proxy core, session backends, and authentication framework
- Documentation, Helm charts, container images, and build scripts
### The boundary
The `SessionHandler` trait is the product boundary. Everything below
the trait (in this repo) is Apache 2.0. Implementations of the trait
are the intellectual property of their authors.

Guildhouse's own session handler (which adds authorization contexts,
completion receipts, operational posture, and audit trails) is
proprietary. It depends on bascule-core as a library, which Apache
2.0 permits.

Third parties are encouraged to build their own session handlers:
- **Security vendors**: integrate risk scoring into session policy
- **Compliance teams**: add audit logging for regulatory requirements
- **Platform teams**: enforce organization-specific access policies
- **MSPs**: build multi-tenant session management
## Dispute Resolution
Guildhouse partners with tribal sovereign nations to provide
technically informed dispute resolution for open source projects.

Disputes may be submitted to tribal jurisdiction for resolution by
adjudicators with expertise in open source software, contribution
attribution, and digital governance.

This forum is:
- **Voluntary** — contributors may choose any court of competent jurisdiction
- **Technically informed** — adjudicators understand open source licensing
- **Efficient** — designed for faster resolution than federal litigation
- **Sovereignty-respecting** — rooted in tribal self-determination

This does not limit any rights under the Apache 2.0 license.
## Tribal Partnership
Guildhouse's mission includes advancing cybersecurity capacity and
digital sovereignty in Indian Country through:
- **Mentorship**: training tribal members in cloud-native infrastructure
- **Infrastructure**: deploying systems on tribal-controlled hardware
- **Jurisdiction**: developing legal frameworks for digital governance
- **Economic participation**: connecting tribal technologists with the
cloud consulting ecosystem