On 28/12/12 15:25, Holger Levsen wrote: > I disagree this is a good idea/road but I'm not motivated anymore to discuss > this further. > > Anybody can say anything anyhow and so can the DPL. Extending this blankly > and > blindly is not wise, IMO. > > >
Ian's email [1] suggests two possible ways forward: a) ensuring open and transparent disclosure (even if identities are concealed), which at the very least would "make sure nothing like this can ever happen again" b) making some kind of action, which may be perceived as mitigating risk or even a punitive action (that distinction was not made in Ian's email) I agree there is enough information to demand (a), a more thorough disclosure, although I continue to feel that it can be done through an independent audit/review[2] that is likely to protect the names of specific sponsors, if appropriate, in accordance with normal commercial best practice. On issue (b), we actually have a serious problem, because it is not clear to me what rules have been broken. I just made a quick review of the Debian constitution and it explains that DPL delegates are free to operate "as they see fit" (s8.3) In many countries, corporations law expects a director to operate in the best interests of the shareholder and to make a declaration about any transaction that they have an interest in, here is an example: https://www.gov.uk/running-a-limited-company/directors-responsibilities I would contend that there is a big difference between the Debian constitution and the examples typically found in corporations law and employment contracts. The only thing in the constitution that appears to restrict the activities of a DPL delegate is the obligation in s2.1.1 not to "actively work against these rules and decisions properly made under them". Some people might argue that adding more rules about the conduct of the DPL, delegates and other office holders is not necessary for the organisation. Certainly, it would be painful if a developer had to fill out a due diligence form every time they upload a revision to a package. On the other hand, it could be argued that for roles and decisions involving money or legally binding contracts, over a certain threshold, e.g. $5,000, then a more stringent set of rules should be applied, just like in many other organisations. It could also be argued that more stringent rules should apply for DPL, delegates and office holders than for ordinary developers. On the other hand, if we all know what free software means, why bother having the DFSG in writing? Isn't it superfluous? Just as we need such statements as a benchmark for technical decisions, we need the same stringent approach to financial and probity matters. DebConf appears to be the biggest financial exercise related to Debian, and it also involves expenditures by individual participants, particularly in 2013, when the availability of sponsorship for attendance is restricted by the budget and the disproportionately high prices demanded by Swiss train companies, hotels, etc. This means it should be a shining example of best practice in areas of financial transparency. So once again, I would call for these high level issues to be dealt with from a governance perspective rather than making a focus on any particular individuals at this stage. 1. http://lists.debian.org/debian-project/2012/12/msg00066.html 2. http://lists.debconf.org/lurker/message/20121213.222444.a9e64b55.en.html -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50de3684.40...@pocock.com.au