GlobaLeaks Governance

Introduction

GlobaLeaks is free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.

The software project was started in 2011 and was originally authored by Arturo Filastò, Claudio Agosti, Fabio Pietrosanti, Giovanni Pellerano and Michele Orrù.

Authored in 2021, this document is a responsible and tentative attempt to analyze the existing governance status and to define roles and responsibilities, in order to establish proper project governance and thus ensure that the project can continue to protect whistleblowers in the long run.

Roles and responsibilities

This section defines the main project roles and respective responsibilities for the GlobaLeaks Team and other project Contributors.

Project Lead

The Project Lead is responsible for coordinating the overall work of the GlobaLeaks team and of the GlobaLeaks FLOSS community with the aim of continuously improving the software and methodology and protecting whistleblowers.

The project is currently led by Giovanni Pellerano, who is the lead developer and has continuously guided and advised contributors and users since 2011. This lead role and responsibility is focused on doing what's best for this project, guiding contributors through the analysis of user requirements and the definition and execution of the Project Roadmap in adherence to the Contributors Guidelines and the Best Practices.

Project Manager

The Project Manager is in charge of managing and coordinating the activities of the project.

Susanna Ferro is the current Project Manager.

Community Lead

The Community Lead is responsible for identifying community needs, verifying and enforcing the project’s Code of Conduct, and making sure everybody feels represented and safe.

Rima Sghaier is the current Community Lead.

Compliance Manager

The Compliance Manager ensures that the project complies with its national, European and international regulatory and legal requirements, as well as internal policies and bylaws.

Alessandro Rodolfi is the current Compliance Manager.

Data Protection Officer

The Data Protection Officer (DPO) is responsible for educating the members of the team and the contributors about data compliance, training members of the team who are involved in processing data, and carrying out regular security audits. They also serve as the main point of contact between the company and the relevant data protection authorities.

Rima Sghaier is the current DPO.

Contributors

Everyone is welcome!

Contributors are invited to adhere to the Contributors Guidelines, to participate in the project Community Chat and Forum, and to propose contributions by opening Tickets and Pull Requests on the project’s Ticketing System.

A list of team members, current and previous contributors and related statistics can be found at:

Maintainers

Maintainers of the project are individuals who have been given permissions to push commits to one of the git repositories.

Maintainers are free to push commits to the repositories at their own will. Maintainers are however expected to listen to feedback from users and any change that is non-trivial in size or nature should be brought to the project as a Pull Request to allow others to comment/object before merging.

Anyone can aspire to become a GlobaLeaks maintainer.

If you think you can help make the project better by shouldering some maintaining responsibilities, then please get in touch. There are no mandatory duties. We hope and wish that maintainers consider reviewing patches and help merge them.

Former maintainers

For security reasons, after 6 months of inactivity, maintainers get their push permissions revoked. When a maintainer resumes their contribution activities, they can ask to restore their push permissions.

Security team

The security team consists of all people who are subscribed to the GlobaLeaks security mailing list, which receives security reports from users and developers.

This list of people varies over time and includes experts familiar with the overall project threat model and risks.

The security team is responsible for evaluating reports of security vulnerabilities and issues received according to the Security Policy, as well as scheduling and publishing periodic independent security audits of the software.

Server admins

We run some infrastructure to support the community's work and discussions; it is implemented using open source and socially committed providers.

The infrastructure is administered by Whistleblowing Solutions Impresa Sociale, an enterprise mandated to ensure security and compliance for the project resources.

Every part of the GlobaLeaks infrastructure is assigned to 2+ administrators. Access to critical infrastructure is granted with multi-factor authentication.

Governing organizations

Many organizations participate in the GlobaLeaks project and contribute to the project’s sustainability and evolution.

The main organizations behind the project’s governance and sustainability are listed here:

  • Whistleblowing Solutions Impresa Sociale (S.r.l.): an innovative social enterprise that carries out research and development to support whistleblowers and the fight against corruption. It was founded in 2016 to guarantee the economic sustainability of the GlobaLeaks project, through taking care of the growing number of requests for assistance, maintenance and custom deployment. WBS hosts the development activities and coordinates the community efforts.

  • Hermes Center for Transparency and Digital Human Rights (HERMES): a non-profit association founded in 2012 by a group of hacktivists, lawyers and digital rights defenders to host the development and implementation of open source technologies with the purpose of advocating for freedom of speech online and, more generally, the protection of human rights and personal freedom in a connected world. HERMES, the fiscal sponsor for the initial GlobaLeaks development lifecycle, is the owner of the AGPLv3 License and Trademark.

Possible improvements

The GlobaLeaks team looks forward to improving the project governance and is exploring the following possibilities:

  • incorporating a Foundation specifically dedicated to GlobaLeaks governance;
  • appointing a Steering Committee including representatives of the Original Authors & Contributors and involving relevant figures in the field of Whistleblowing, Investigative Journalism, Anti-Corruption, Security and Open Source;
  • implementing a contribution model based on a Contributor License Agreement (CLA) or Developer Certificate of Origin (DCO).

Feedback is welcome from any former or new contributor.

Annexes