[dpl-helpers] Proposed first draft for TO definition. (More of a braindump)

Thu Nov 21 16:08:34 UTC 2013

[ re-sent, after alioth outage ]

Hey Brian, thanks a lot for re-starting / stewarding this discussion!

Only some minor comments of mine on specific points below:

On Wed, Nov 13, 2013 at 11:40:14AM -0500, Brian Gupta wrote:
> - Trusted Organizations must have a legal structure that enables them
> to accept donations and/or hold assets in trust for Debian, without
> donations and asset transfers being treated as taxable income.

I'm not sure if we're trying to make a hard list of requirements or more
of a "it would be nice if" (maybe classifying the various points
similarly would be useful? don't know...).  Either way, I think that the
tax exemption part should be in the "would be nice" camp, and not
necessarily a "must have". I'm thinking here are places where it could
be particularly hard for a software-related project to get tax
exemption. I can easily imagine, in those situations, the desire of the
Debian project to get at least *some* legal/treasury support, even if
tax exemption is not a possibility (yet).

> - Trusted Organizations must have at least two Debian Project Members
> are part of its leadership/governance structure that make up at least
> 50% of the leadership structure of the organization. (Numbers are
> tweakable, but I think we need numbers.)

I agree we need numbers. And I think 2 project members as part of the
leadership structure (assuming you have in mind something like "board of
directors" here) is fine. But I fear 50% of it is be too much. In
particular, if I think at umbrella organization that steward many
projects, we risk that a requirement like this one forces Debian to be
in control of the org.

More generally, I think the requirement we're trying to codify here is
to have trust in the organization. And I don't think we need to
*control* the org to have that. Trust can be given, well, on a trust
basis :), and revoked in the future if the org doesn't stay up to the
project expectations.

> - Trusted Organizations must provide accountability on assets held in
> trust, through detailed and regular reports of assets transfers and
> balance sheets. (We should define regular reports, and if we have any
> specific requirements).

Ack. I think we should require the ability to emit reports at least
quarterly report (as a "must have"). As a "nice to have" I suggest
adding the ability, for Debian, to access a "live" version of
transfer/balance sheets (like the one we have for FFIS).

> I have one other criteria, that I'd like to propose as well, but
> currently don't know how to word it, as it's somewhat a change from
> status quo, but I think it is probably needed. Basically, I feel that
> Debian should be able to assign Delegates to work for a particular
> Trusted Org to handle Debian specific assets. i.e. - If the DPL
> delegates project members to be able to handle the work for dealing
> with assets, the org should have a way to allow those Delegates to
> join the TO and do the work. Of course, this Delegation could be to
> preexisting members of that Trusted Org, but if the Trusted Org needs
> help, there should be a method in place that Debian can provide "extra
> hands".

Uhm, isn't the notion you're looking for here the one of "project
liaison"? Most umbrella orgs have their own notion of who is the project
liaison. That is usually the DPL, but it doesn't need to be that way, it
can be a delegate --- and there will be many advantages in having a
delegate, such as longer terms than DPL terms.  Whether the liaison
should be a TO member or not is up to the org requirements; maybe we
should just require the ability to periodically name/change the project
liaison in the TO? (If so, I suspect this requirement will be trivial to
satisfy, as orgs already work that way.)

Thank a bunch for this work, I'm really looking forward to finalize the
list of TO requirements!

Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  zack at upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »