[dpl-helpers] Proposed first draft for TO definition. (More of a braindump)

Brian Gupta brian.gupta at brandorr.com
Thu Sep 26 01:10:54 UTC 2013 

On Wed, Sep 25, 2013 at 5:12 AM, Lucas Nussbaum <leader at debian.org> wrote:
> On 23/08/13 at 17:25 -0400, Brian Gupta wrote:
>> Starting with auditors, and DPL, but if anyone wants to add people to
>> thread please do so. I feel we will probably need more eyes on this.
>> Also, I think we probably will want SFLC review, before we
>> implement/finalize anything.
>>
>> 1) Organization is incorporated as a non-profit and can legally hold
>> assets in the organization's name
>> 2) The leadership structure of organization must have at least three
>> Debian Project Members
>> 3) At least 50% of the leadership structure of the organization must
>> be Debian Project Members
>> 3) The organization is willing to hold assets on behalf of Debian
>> 4) The organization is willing to sign a contract agreeing to only
>> transfer, spend, or use those assets on authorization of the Debian
>> Project Leader or a designated delegate. (Not sure if we want DPL
>> only, or leave DPL flexibility to delegate signatory rights on certain
>> assets. If we do, the delegation almost certainly must be revocable.
>> Perhaps better to leave DPL only.)
>> 5) Organization must be willing and capable of providing detailed
>> reports of asset transfers and balance sheets on a quarterly basis
>> 6) Mission of organization should be in support of Free Software
>> 7) Even if all other criteria are met, it will be at the final
>> Discretion of the DPL to decide if they are to be authorized as a TO.
>>
>> Additional thoughts:
>> 1) Can the designation be revoked? (I'd think yes, if they aren't
>> meeting the criteria of being a TO, or DPL otherwise feels needed, if
>> for some reason the affiliation is no longer beneficial to Debian.)
>> 2) Anything about mission of organization? Perhaps something about
>> Free Software? IE: I can't think of great examples, but if there were
>> a non-profit run by Debian Project Members, but it was say, an
>> educational organization would it be suitable?
>
> Hi Brian,
>
> Thanks a lot for raising this topic.
>
> I think there are two main reasons to do that work:
>
> - Increase the understanding of the Debian "ecosystem" in the general public.
> For that reason, the outcome of this discussion should probably end up on a
> page on www.d.o, for example. The page listing Trusted Organizations (still to
> be written AFAIK) is a good candidate for listing what we expect from TO.

The list of TOs currently exists in the auditor section of the wiki
[1], but once things are finalized I could definitely see moving it to
www.d.o.

> - Clarify what we expect from existing and prospective TOs. For that, the
> listing should be usable as a checklist.

Agreed.

> Trying to rephrase your list into slightly more general points, I came
> up with:
> -------------------------------------------------------------->8
> Debian Trusted Organizations (TO) are organizations that hold and manage
> assets on behalf of the Debian project. The list of TOs is maintained by the
> Debian Project Leader (following Debian Constitution 5.1.11 and 9).
> Generally:
> - Trusted Organizations share Debian's general visions and support Debian's
>   general goals
> - Trusted Organizations have a legal structure that enables them to accept
>   donations and/or hold assets in trust for Debian, and provide Debian with
>   guarantees that those assets will only be managed according to the Debian
>   Project Leader (or delegates) decisions. For example, the leadership
>   structure of the organization could always have a minimum number, and/or
>   a majority of Debian Developers, or the decision making processes of the
>   organization could explicitely delegate decisions to the Debian Project
>   Leader.
> - Trusted Organizations provide accountability on assets held in trust
>   (for example, through detailed and regular reports of assets
>   transfers and balance sheets).
> -------------------------------------------------------------->8
>
> Some comments on the difference between your version and mine:
> - The constitution already contains quite a lot on this topic, we should only
>   defer to it to avoid adding conflicting processes.
>
> - I don't think that we should be too specific on the implementation details.
>   They might differ a lot between different countries.
> - I prefer to use "Debian Developers" rather than "Debian Project Members".
>   That matches the working of the constitution.

Heh, I tried. No worries. DD it is. :)

That said, I think we have to clarify what the initial purpose of this
exercise was, as envisioned by Martin and Zack. My reading of the
constitution seems we already have set forth a definition that isn't
too specific on implementation details, and if memory serves they were
trying to rectify that, by lowering confusion, and reigning in
potential misinterpretation by either Debian or Debian TOs (present
and future.)

I'll add that I am in no way attached to the particulars of my
proposal, but do feel this definition of TO we are working on now,
should lean towards explicit rather than general. (Even if it takes
longer to get it right, and reach consensus). I'll also add that
whatever definition we come up should allow definition changes, and
cover what happens if a definition change puts an existing TO out of
compliance. (Perhaps through a general case leaving revocation and
exceptions at the discretion of the DPL.)

I have additional tweaks I want to add but they are "implementation
details" so I'll hold off for now.

> Lucas

Cheers,
Brian

[1] - https://wiki.debian.org/Teams/Auditor/Organizations

More information about the DPL-helpers mailing list