
Evaluation criteria for (prospective) Trusted Organizations

TL;DR: let's try to implement Constitution 5.1.11 and 9.3: discuss
status of prospective TOs, accept them, have an official list of them.


Our Constitution says:
  The project leader may:
    Add or remove organizations from the list of trusted organizations
    (see §9.3) that are authorized to accept and hold assets for Debian.
    The evaluation and discussion leading up to such a decision occurs
    on an electronic mailing list designated by the Project Leader or
    their Delegate(s), on which any developer may post. There is a
    minimum discussion period of two weeks before an organization may be
    added to the list of trusted organizations.

    9. Assets held in trust for Debian

    In most jurisdictions around the world, the Debian project is not in
    a position to directly hold funds or other property. Therefore,
    property has to be owned by any of a number of organisations as
    detailed in §9.2.

    Traditionally, SPI was the sole organisation authorized to hold
    property and monies for the Debian Project. SPI was created in the
    U.S. to hold money in trust there.

    SPI and Debian are separate organisations who share some goals.
    Debian is grateful for the legal support framework offered by SPI.

   9.3. Trusted organisations
   Any donations for the Debian Project must be made to any one of a set
   of organisations designated by the Project leader (or a delegate) to
   be authorized to handle assets to be used for the Debian Project.

   Organisations holding assets in trust for Debian should undertake
   reasonable obligations for the handling of such assets.

   Debian maintains a public List of Trusted Organisations that accept
   donations and hold assets in trust for Debian (including both
   tangible property and intellectual property) that includes the
   commitments those organisations have made as to how those assets will
   be handled.

So far, we never really implemented those requirements, and the
situation is a bit blurry:
- SPI is clearly a TO
- FFIS is de-facto a TO (I don't think that anybody is going to argue on
  that), even if we have not had a public discussion about it
- debian.ch holds Debian funds, even if we have not had a public discussion
  about it. Whether it should be considered a TO or not is not clear at
- Debian France is aiming at becoming a TO, and is currently updating
  its bylaws towards that. It already holds some funds for the Debian

With auditors and DPL helpers, we worked on a list of evaluation
criteria for prospective Trusted Organizations[1].
[1] https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria
(also copied below for convenience)

The expected next steps are:
1. We review and improve the TO Evaluation Criteria [this mail/thread]
2. I ask each organization to describe how they meet (or not) the
3. We have the two-week public discussion about each organization
4. I officialize the status of each organization

In the end, I am 99% sure that all of SPI, FFIS, debian.ch and Debian
France will be official TOs. However, this work is also a way to review
their status, and better understand some limits, weaknesses, threats,
opportunities, etc.

So, first things first, I would welcome your feedback on the TO
criteria[1]. Soft deadline: 2014-02-01.
[1] https://wiki.debian.org/Teams/DPL/TrustedOrganizationCriteria

Also, I'm inclined to waive the discussion for both SPI and FFIS, and
just officialize their status, given they have been around for a very
long time and served us very well over that time. If you disagree, please
say so.



--- local copy of wiki.d.o/Teams/DPL/TrustedOrganizationCriteria --->8

Debian Trusted Organizations (TO) are organizations that hold and manage
assets on behalf of the Debian project. The list of TOs is maintained by
the Debian Project Leader (following
[[http://www.debian.org/devel/constitution|Debian Constitution]] 5.1.11
and 9).

In order to be accepted as a TO, an organization should provide some
features, and satisfy some criteria. The list below should not be
understood as required features, but rather as a set of desirable
features. A prospective TO is expected to describe how it compares to
this set of desirable features.

== The organization should share Debian's general visions ==

The organization's activities and political stance should generally
match Debian's own political and philosophical stances.

== The organization should remain loyal to Debian ==

The organization should be considered fully trustworthy, or provide
guarantees that Debian's assets will be managed according to the Debian
Project's decisions.

Some examples of possible implementations:
 * The organization has a long history of successfully holding a
   similar role for other Free Software projects
 * The organization is managed by highly respected members of the
   Free Software community
 * The organization has a leadership structure that ensures a
   minimum number and/or a majority of Debian developers
 * The organization has decision-making processes that explicitly
   delegate decisions on Debian assets to the Debian Project Leader

== The organization should provide accountability on assets held in trust ==

Some examples of possible implementations:
 * The organization provides, on a regular and frequent basis (e.g.
   quarterly), detailed reports of assets transfers and balance sheets,
   in a machine-parsable format.
 * The organization provides access to Debian's accounts live data,
   in a machine-parsable format.

== The organization should be reliable, sustainable, and reactive ==

Some examples of possible implementations:
 * The organization is managed by a large group of active Debian
 * The organization's managers have been involved in Debian or other
   Free Software projects for a long time, and have a high reputation
   of being reliable.
 * The organization has several people sharing the role of treasurer in
   order to react quickly to requests in all circumstances

== The organization should provide a reasonable financial framework ==

For example, it is desirable that:
 * Donations and sponsorship are tax-deductible for the donor
 * Donations, sponsorship, income from sales and transfers from other
   TOs are not subject to income tax
 * There are no major restrictions on what kind of expenses can be made,
   either due to the organization's bylaws or to the legal framework of
   the organization
 * There are no major restrictions on how the organization could transfer
   assets to another TO

Some properties are often mutually exclusive (e.g. ''tax-deductible for
the donor'' and ''no major restrictions''). This is fine -- the goal here
is to understand beforehand what will be possible for a specific TO.

== Additional opportunities ==

Some organizations might offer additional services to their affiliated
organizations, such as legal counsel.

Some organizations might have plans that result in possible income
for Debian, such as giving to Debian some of the result of the sale of
