Re: Position statements short of a GR - DPL statements
On 28/12/12 15:25, Holger Levsen wrote:
> I disagree this is a good idea/road but I'm not motivated anymore to discuss
> this further.
>
> Anybody can say anything anyhow and so can the DPL. Extending this blankly and
> blindly is not wise, IMO.
>
>
>
Ian's email [1] suggests two possible ways forward:
a) ensuring open and transparent disclosure (even if identities are
concealed), which at the very least would "make sure nothing like this
can ever happen again"
b) making some kind of action, which may be perceived as mitigating risk
or even a punitive action (that distinction was not made in Ian's email)
I agree there is enough information to demand (a), a more thorough
disclosure, although I continue to feel that it can be done through an
independent audit/review[2] that is likely to protect the names of
specific sponsors, if appropriate, in accordance with normal commercial
best practice.
On issue (b), we actually have a serious problem, because it is not
clear to me what rules have been broken. I just made a quick review of
the Debian constitution and it explains that DPL delegates are free to
operate "as they see fit" (s8.3)
In many countries, corporations law expects a director to operate in the
best interests of the shareholder and to make a declaration about any
transaction that they have an interest in, here is an example:
https://www.gov.uk/running-a-limited-company/directors-responsibilities
I would contend that there is a big difference between the Debian
constitution and the examples typically found in corporations law and
employment contracts.
The only thing in the constitution that appears to restrict the
activities of a DPL delegate is the obligation in s2.1.1 not to
"actively work against these rules and decisions properly made under them".
Some people might argue that adding more rules about the conduct of the
DPL, delegates and other office holders is not necessary for the
organisation. Certainly, it would be painful if a developer had to fill
out a due diligence form every time they upload a revision to a
package. On the other hand, it could be argued that for roles and
decisions involving money or legally binding contracts, over a certain
threshold, e.g. $5,000, then a more stringent set of rules should be
applied, just like in many other organisations. It could also be argued
that more stringent rules should apply for DPL, delegates and office
holders than for ordinary developers.
On the other hand, if we all know what free software means, why bother
having the DFSG in writing? Isn't it superfluous? Just as we need such
statements as a benchmark for technical decisions, we need the same
stringent approach to financial and probity matters.
DebConf appears to be the biggest financial exercise related to Debian,
and it also involves expenditures by individual participants,
particularly in 2013, when the availability of sponsorship for
attendance is restricted by the budget and the disproportionately high
prices demanded by Swiss train companies, hotels, etc. This means it
should be a shining example of best practice in areas of financial
transparency.
So once again, I would call for these high level issues to be dealt with
from a governance perspective rather than making a focus on any
particular individuals at this stage.
1. http://lists.debian.org/debian-project/2012/12/msg00066.html
2. http://lists.debconf.org/lurker/message/20121213.222444.a9e64b55.en.html
Reply to: