
Why I think We Probably Want a foundation



TL;DR: I think Debian probably wants a foundation for legal protection.
I think doing this as a DPL platform is all sorts of wrong.

I'm speaking as an individual, although my thoughts are influenced by my
time as DPL.



Hi.
I've generally been coming to the conclusion that we probably need to
have a foundation, but my reasoning is different than Brian's.

I'd first like to address our relationship with SPI.

Martin asks why DPLs haven't been attending the SPI meetings.
For myself two reasons.  First, I never thought of doing so.  If it
makes its way into the DPL hand-off notes as something to consider, then
I probably would have at least shown up and introduced myself.
Honestly, though, from the DPL standpoint I am not at all sure the DPL
really needs to get involved.
Presumably Chris did attend the SPI board meetings at least once he was
elected to the board:-)

When I look at http://spi-inc.org/corporate/board/ I see a lot of
familiar names.
Three of the five board members are clearly heavily involved in Debian.
And I think I've seen a couple of those officers around too in my Debian
work:-)

So if Debian has some concerns to work through--and we do have a
couple--we can and should bring them up with the SPI board.
My interactions with the SPI board fall into one of two categories:

1) When I've asked for achievable things or given feedback, I've gotten
reasonably prompt answers.

2) Balls got dropped.  As an example we'd like to understand the
implications of a SPI project working with/taking money from Huawei.
That's complex and the board dropped my question with no answer.  I
believe a couple of others also asked this question.




I'll write to -project separately about the handling of DebConf
donations.

----------------------------------------

My big concern is legal liability for people contributing to Debian.  I
understand that to some extent I'm bringing up an issue that has been
making the rounds on certain blogs.  I'd like to think that I and we can
discuss it more constructively here.

What we tell ourselves is that Debian has no legal existence.
We're part of SPI, and so we hope that we'd have the same protections as
volunteers working for any non-profit.
When representing Debian and SPI, the Software Freedom Law Center is
very careful to advance this argument as much as possible.

But there are alternative ways to look at things.
At Libreplanet 2018, I was talking to a lawyer (not receiving legal
advice--just a hallway conversation) who I respect.
He said that if he wanted to go after Debian, he'd argue that we are a
non-incorporated association.
That might well mean that all our leaders are liable for all the actions
of Debian.

I'm not a lawyer.  But if someone wanted to make that argument we'd have
a fight in court as each individually named defendant tried to argue
that they were just acting as a volunteer on a SPI project and tried to
get the case dismissed against them.  That sounds kind of unfun.  There
have certainly been things I've done as DPL where I really wish I had
better confidence that I am a volunteer for an organized non-profit.

I'll certainly note that Debian as an unincorporated association is a
lot easier to understand than some more complex story.  Perhaps if
Debian were just a SPI project it would be easy to explain.
Except what about Debian France?  Are we a SPI project that happens to
have assets held by Debian France?  Why would we do that if we're a SPI
project?
Or are we somehow a SPI project *and* a Debian France project?
But wait, how can that work?

Recently, SPI introduced Debian to another lawyer.  Now even SPI is
advancing the idea that Debian has enough independent existence: the
vice president recommended that I sign an agreement on behalf of Debian
while SPI signed an agreement on their behalf managing any potential
conflict of interest that might come up.
I think I'm going to be able to avoid that situation and leave it
entirely to the next DPL.
I'll say that if Debian is legally just part of SPI, it doesn't make
sense for Debian to be signing agreements with itself.

If Debian is more than just part of SPI, I want that more to be a kind
of legal entity that has protection for its officers and volunteers.  I
don't want the separation between SPI and Debian to be a way for
counter-parties to attack us as individuals.

And while we're at it, some insurance would be really nice.  While
working in the IETF, I had insurance.  If I made a mistake as a working
group chair or IANA expert--let's say related to a patent matter or some
antitrust matter--there was insurance to help defend my actions.
As DPL, there's no insurance at all.
There's no insurance if ftpmaster members make an error around
copyright, or if DAM or other parties make an error.

Yeah, insurance costs money.
It's not clear that Debian's recurring income supports getting the
insurance I wish we had.  But yet, if we went to our community and
demonstrated we would spend that money to protect our community, we
might find we had the funding we need.


----------------------------------------

I also think there's something to be said for the idea that Debian is
big enough that we want to customize our administrative services.

We want better trademark services than SPI currently provides.
We want better relationships with lawyers than SPI provides by default
to its projects.

These things aren't going to be cheap.
We probably spend more money if we set up a foundation.
But we get more flexibility.

That only works if we are willing to pay for the administrative services
we need.
Some of these things are not things that are working as volunteers.

I think it would be a big risk and a big change.
But I think it might be the right answer.

----------------------------------------

That said, I think attaching this question to the DPL campaign is
harmful to the project.
The question of forming a foundation requires planning and effort for
the project to make an informed decision.
That's more effort than we can make in a two-week campaign period.
If we choose to make that effort it will distract from everything else.
I do not think that is a responsible way to give the foundation concept
the time and energy it deserves while allowing the project to make an
informed decision.


--Sam
