[dpl-helpers] Evaluation criterias for prospective Trusted Organizations

[Brian Gupta]

On Thu, Jan 2, 2014 at 2:33 PM, Lucas Nussbaum <leader at debian.org> wrote:
> Hi,
>
> On 15/12/13 at 13:49 +0100, Stefano Zacchiroli wrote:
>> On Fri, Dec 13, 2013 at 07:13:10PM +0100, Lucas Nussbaum wrote:
>> > So, new proposal below, where I tried to consolidate all points raised
>> > so far.
>>
>> Thanks for this new text, it looks generally good to me.
>> Some minor comments are inlined below.
>>
>> > The organization should share Debian's general visions
>> > ======================================================
>> >
>> > The organization's activities and political stance should generally
>> > match Debian's own political and philosophical stances. If the
>> > organization is holding assets for other organizations, they should also
>> > generally match Debian's own political and philosophical stances.
>>
>> The second sentence here looks problematic to me. If we take that as a
>> principle, it seems to imply that organizations that have been
>> recognized as TOs should seek Debian approval before accepting other
>> projects under their umbrella, barring the risk that Debian might want
>> to walk away if the don't do so. Given Debian might decide anyhow to
>> walk away whenever we see fit, I'd just remove the second sentence. It's
>> not clear what it gives us.
>
> OK
>
>> > The organization should provide accountability on assets held in trust
>> > ======================================================================
>> >
>> > Some examples of possible implementations:
>> > - The organization provides, on a regular and frequent basis,
>> >   detailed reports of assets tranfers and balance sheets, in a
>> >   machine-parsable format.
>>
>> I suggest to give an idea of what we consider "regular and frequent
>> basis", even if only as an example. As mentioned before, I'd go for
>> "quarterly".
>>
>> > - The organization provides a direct access to Debian's accounts,
>> >   in a machine-parsable format.
>>
>> I think what you mean here with "direct" is access to the live data. I
>> suggest to explicitly say so.
>
> OK
>
> Thanks for the feedback!
>
> I've copied the resulting list, including your suggestions, to
> https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria
>
> Any other comments? From Auditors maybe?
>
> If not, I will reach out to SPI, FFIS, Debian.ch and Debian France to
> see if they have feedback or questions about that document.
>
> Regarding the official, constitutional process of discussing the
> addition of TOs, it would probably make sense to go through it for each
> of SPI, FFIS, Debian.ch and Debian France. It's highly unlikely one of
> them won't qualify, but it's still an opportunity to revisit where they
> stand.
>
> Lucas

Generally I'd say it looks great, however there may be a conflict between:

"Donations and sponsorship are tax-deductible for the donor"

and:

"There are no major restrictions on what kind of expenses can be made,
either due to the organization's bylaws or to the legal framework of
the organization",
"There are no major restrictions on how the organization could
transfer money to another TO"

I say this because at least in the US, when money is given to a 501c3
non-profit, like SPI, and the donations are tax-deductible, there are
restrictions on how the money can be spent. e.g. - A conference would
generally be ok, as would services and equipment used to facilitate
the project, but a keg-party, or contributions to a political
campaign, not so much. That said I don't think this will have a
significant impact on how we spend money, just want to make you aware
that when you run it by some of our TOs, they may find issue with the
wording. (I guess it's all in how you parse "major restrictions").

Also for: "There are no major restrictions on how the organization
could transfer money to another TO", we may want to change "money" to
"assets", as we do have non-monetary assets that we might
hypothetically want to transfer between TOs.

Cheers,
-Brian