[dpl-helpers] Proposed first draft for TO definition. (More of a braindump)

Brian Gupta brian.gupta at brandorr.com
Wed Nov 27 04:38:20 UTC 2013 

[ re-sent, after alioth outage... Just realized that some got the
original email, and most didn't. (Please resend any replies to all).]

---------- Forwarded message ----------
From: Brian Gupta <brian.gupta at brandorr.com>
Date: Thu, Nov 14, 2013 at 1:39 PM
Subject: Re: [dpl-helpers] Proposed first draft for TO definition.
(More of a braindump)
To: Stefano Zacchiroli <zack at debian.org>
Cc: dpl-helpers at lists.alioth.debian.org, auditor at debian.org


On Thu, Nov 14, 2013 at 3:30 AM, Stefano Zacchiroli <zack at debian.org> wrote:
> Hey Brian, thanks a lot for re-starting / stewarding this discussion!
>
> Only some minor comments of mine on specific points below:
>
> On Wed, Nov 13, 2013 at 11:40:14AM -0500, Brian Gupta wrote:
>> - Trusted Organizations must have a legal structure that enables them
>> to accept donations and/or hold assets in trust for Debian, without
>> donations and asset transfers being treated as taxable income.
>
> I'm not sure if we're trying to make a hard list of requirements or more
> of a "it would be nice if" (maybe classifying the various points
> similarly would be useful? don't know...).  Either way, I think that the
> tax exemption part should be in the "would be nice" camp, and not
> necessarily a "must have". I'm thinking here are places where it could
> be particularly hard for a software-related project to get tax
> exemption. I can easily imagine, in those situations, the desire of the
> Debian project to get at least *some* legal/treasury support, even if
> tax exemption is not a possibility (yet).

To be clear the goal here is not necessarily that donations to Debian
are tax deductible for the donor, but rather that donations (that aren't
immediately spent) are not taxed as income. (ex: Debconf13 fund
excess) Also if we do a financial transfer from one TO to another, we
wouldn't want that transfer to be considered a taxable event. I believe
though, with the final bullet clarifying that DPL still has the discretion
to make decisions, none of this criteria are "hard" requirements, and
exceptions can be made, if the DPL feels it is in the best interest of
the project.

>> - Trusted Organizations must have at least two Debian Project Members
>> are part of its leadership/governance structure that make up at least
>> 50% of the leadership structure of the organization. (Numbers are
>> tweakable, but I think we need numbers.)
>
> I agree we need numbers. And I think 2 project members as part of the
> leadership structure (assuming you have in mind something like "board of
> directors" here) is fine. But I fear 50% of it is be too much. In
> particular, if I think at umbrella organization that steward many
> projects, we risk that a requirement like this one forces Debian to be
> in control of the org.
>
> More generally, I think the requirement we're trying to codify here is
> to have trust in the organization. And I don't think we need to
> *control* the org to have that. Trust can be given, well, on a trust
> basis :), and revoked in the future if the org doesn't stay up to the
> project expectations.

Agreed and not-agreed. :) While I believe that historically working with
organizations that are umbrella orgs was the correct decision for the
time, I'm somewhat coming around to the feeling that Debian is a large
enough project, that new TOs, should probably be Debian focused, and
suspect that influenced my proposed numbers. (This also bears with
the fact that all the new TOs we are considering: Debian.ch, Debian France,
and maybe eventually Debian JP are Debian focused orgs.)

Also bear in mind that even if existing TOs do not meet the tighter
criteria we are proposing, that the DPL should always retain the ability
to make exceptions.

>> - Trusted Organizations must provide accountability on assets held in
>> trust, through detailed and regular reports of assets transfers and
>> balance sheets. (We should define regular reports, and if we have any
>> specific requirements).
>
> Ack. I think we should require the ability to emit reports at least
> quarterly report (as a "must have"). As a "nice to have" I suggest
> adding the ability, for Debian, to access a "live" version of
> transfer/balance sheets (like the one we have for FFIS).

Ack.

>> I have one other criteria, that I'd like to propose as well, but
>> currently don't know how to word it, as it's somewhat a change from
>> status quo, but I think it is probably needed. Basically, I feel that
>> Debian should be able to assign Delegates to work for a particular
>> Trusted Org to handle Debian specific assets. i.e. - If the DPL
>> delegates project members to be able to handle the work for dealing
>> with assets, the org should have a way to allow those Delegates to
>> join the TO and do the work. Of course, this Delegation could be to
>> preexisting members of that Trusted Org, but if the Trusted Org needs
>> help, there should be a method in place that Debian can provide "extra
>> hands".
>
> Uhm, isn't the notion you're looking for here the one of "project
> liaison"? Most umbrella orgs have their own notion of who is the project
> liaison. That is usually the DPL, but it doesn't need to be that way, it
> can be a delegate --- and there will be many advantages in having a
> delegate, such as longer terms than DPL terms.  Whether the liaison
> should be a TO member or not is up to the org requirements; maybe we
> should just require the ability to periodically name/change the project
> liaison in the TO? (If so, I suspect this requirement will be trivial to
> satisfy, as orgs already work that way.)

Mmmm.. not quite "project liason", but we should perhaps address that
as well? (I think it might be obvious?) What I am thinking of here, is that
in a case where we need something from a TO, but they don't have the
bandwidth to implement it, that Debian can offer assistance. Perhaps I
am too focused on an existing issue that I am currently dealing with,
and this shouldn't be considered a contingency that we need to bake
into the requirements?

> Thank a bunch for this work, I'm really looking forward to finalize the
> list of TO requirements!
>
> Cheers.
> --
> Stefano Zacchiroli  . . . . . . .  zack at upsilon.cc . . . . o . . . o . o
> Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
> Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
> « the first rule of tautology club is the first rule of tautology club »

More information about the DPL-helpers mailing list