[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian contributor Register of Interests

On Tue, May 09, 2017 at 01:09:28PM +0100, Ian Jackson wrote:
> Jonathan Dowland  <jmtd@debian.org> wrote:
> > However in the interests of transparency I feel that a voluntary,
> > opt-in "Register of Interests" is a good idea for the project. I feel
> > that such a list (populated) would demonstrate the transparency and
> > openness that are part of our project's values.
> I think this is a good idea.


> >> This is a voluntary, opt-in register of Debian contributor's "Interests"
> >> (such as: employer).
> It would be a good idea to make an annex, giving a list of kinds of
> "interest" that do not need to be mentioned; and ones that should be
> mentioned.
> Things that are _not_ interests worthy of disclosure:
>   * Holding positions of responsibility within the Debian project,
>     or a Debian Trusted Organisation

Arguably, holding a position of responsibility within the Debian project or a
Debian Trusted Organization is what might trigger the completion of a CoI form.

>   * Involvement with political parties (even ones focusing on
>     technology or information rights)
>   * Using Debian or one of its derivatives, on one's personal
>     systems
>   * Holding positions of responsibility in Free Software projects,
>     other than positions of financial responsibility for projects with
>     assets or annual income of more than Eur1,000.
>   * Mere membership of charities, pressure groups, industry
>     associations, etc.
> Things that _are_ interests worthy of disclosure:
>   * Being paid to work on Debian
>   * Being paid to work on hardware that Debian runs on or might run on
>   * Being in a position of influence or authority regarding technology
>     purchasing decisions.  Exceptions: your own personal purchasing
>     and that of your household and your friends; Debian and Debian's
>     TOs.; spends of less than Eur1,000 per year.
>   * Holding a formal position of influence or authority in charities,
>     pressure groups or industry associations which relate to software
>     or computing hardware, information rights, or state-granted
>     information monopolies ("intellectual property").
> I would like to settle the boundaries before we start populating the
> list.

Fully agree.

> >> || '''User''' || '''Interest''' || '''From''' || '''Until''' ||
> >> || JonDowland || Red Hat || 2015 || - ||
> The list should have a date at which the user's entry was last
> updated and signed off by them as complete.

Just as delegations are meant to be refreshed annually, I wonder whether CoIs
should be refreshed annually.

Also, perhaps the CoI 'form' should be an email template that submitters
complete and mail somewhere (GPG-signed). This 'somewhere' could be presented
in a list on some webpage or other. I'm not solutioning, here. I'm questioning
whether we want the non-repudiation that a GPG-signed email provides (or
similar mechanism).



Luca Filipozzi

Reply to: