Evan Phoenix (@evanphx) created Puma and has final say on everything. Maintainers serve at his pleasure.
We have two levels of access and privileges:
This is kept intentionally small for security reasons. If you can cut a gem release, you can push code to a lot of production systems, so we're intentionally quite narrow here.
Current members: Evan Phoenix (@evanphx), Nate Berkopec (@nateberkopec), and Richard Schneeman (@schneems).
We cut releases ~whenever we feel like it.
We may add or remove people from this group if releases start getting bottlenecked, but security is the priority.
We give commit bit if you make significant contributions to minor (or major) releases, consistently over time. Show up, do good work, stick around.
We review this access periodically, but we're looser with it than gem release access.
If you have commit bit, we trust you enough to merge to main without necessarily getting review first.
While all security reports go to Evan directly, maintainers will collaborate together on the fix.
Current members: Everyone on the Maintainers list.
Evan has final say on who gets these rights. Maintainers make suggestions and talk things through, but ultimately it's his call.
In general, Puma maintainership works on the principle of lazy consensus.
We try to mostly work in public, so that more people outside the maintainer team can contribute and help out.
If you have questions or want to suggest changes to how we run things, open an issue.