Securing Software Updates for Automobiles

Uptane Governance

This document covers Uptane’s governance and committer process. It also lists the individuals who serve on its Industry Advisory Group, and as the governing body of the Uptane Alliance.

Uptane Alliance

In July of 2018, Uptane was officially adopted into IEEE’s Industry Standards and Technology Organization (ISTO) as the Uptane Alliance. Uptane is currently a Linux Foundation Joint Development Foundation project. The Uptane Alliance will standardize the Uptane open-source software in order to ensure that manufacturers and suppliers follow best practices for updates within the automotive industry.

As a Linux Foundation Joint Development Foundation project, the Uptane Alliance has officially formed a Board of Directors and is governed by a set of bylaws. The Board of Directors are:

Standards documents

The Uptane standards documents must be approved by a majority of the Uptane Alliance Board of Directors. The Board of Directors may also be changed by action of a majority of board members.

Industry Advisory Group

The following industry representatives serve in an advisory capacity for Uptane.

Maintainership and Consensus Builder (reference implementation)

The reference implementation for the project is maintained by the people indicated in MAINTAINERS. A maintainer is expected to (1) submit and review GitHub pull requests and (2) open issues or submit vulnerability reports. A maintainer has the authority to approve or reject pull requests submitted by contributors. The project’s Consensus Builder (CB) is Justin Cappos (JustinCappos on github).

Changes in maintainership (reference implementation)

A contributor to the project must express interest in becoming a maintainer. The CB has the authority to add or remove maintainers for the reference implementation.

Changes in governance (reference implementation)

The CB supervises changes in governance for the reference implementation.