Re: Debian contributor Register of Interests

[Russ Allbery]

"Dr. Bas Wijnen"  writes:
> On Tue, May 09, 2017 at 11:51:23PM +, Scott Kitterman wrote:

>> I think it's a horrible idea.  One of the major draws of Debian is that
>> we are all here for our own reasons.  I don't judge your motivations
>> and you don't judge nine.

> It's voluntary, so you decide what you want to share.  If you don't want to
> share anything, that's fine.

How is this meaningful if it's strictly voluntary and no conclusions
should ever be drawn from it?

I'm personally reasonably comfortable with declaring conflicts, but then
mine are pretty simple and pose no complex ethical concerns.  I understand
Scott's concern: I see no way in which this would stay strictly voluntary
and meaningless if it were widely used.  One can say anything one likes on
the page about not drawing conclusions from the data, but if no one is
supposed to draw any conclusions, why are we collecting the data?

In practice, if lots of people fill this out, people *will* draw
conclusions about people who are missing, will exert social pressure for
people to fill this out in various situations, and will draw conclusions
from the data that's disclosed.  This is just human nature, and is only
logical.

If we don't want that to happen, we shouldn't collect the data in the
first place.

-- 
Russ Allbery (r...@debian.org)   

Re: Debian contributor Register of Interests

[Jonathan Dowland]

On Wed, May 10, 2017 at 11:55:33AM -0400, Scott Kitterman wrote:
> Participation in Debian is voluntary, so saying information disclosure is 
> voluntary doesn't really mean anything.

Evidently it does mean something, since here we are discussing it.

> I object to the existence of such a registry because just because it's 
> 'voluntary' now, doesn't mean it won't be effectively mandatory due to either 
> new project rules or social pressures later.

If you object to mandatory impositions, why are you advocating to mandate
preventing people such as I from declaring interest, if we so wish?

-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Debian contributor Register of Interests

[Henrique de Moraes Holschuh]

On Wed, 10 May 2017, Scott Kitterman wrote:
> On Wednesday, May 10, 2017 09:43:31 AM Julien Cristau wrote:
> > On 05/10/2017 01:51 AM, Scott Kitterman wrote:
> > > If this became a requirement, I'd have to terminate my relationship with
> > > Debian.  These are frankly none of anyone's business.
> > Sounds like you missed the "voluntary, opt-in" part?
> 
> These things always start that way.
> 
> Participation in Debian is voluntary, so saying information disclosure is 
> voluntary doesn't really mean anything.
> 
> I object to the existence of such a registry because just because it's 
> 'voluntary' now, doesn't mean it won't be effectively mandatory due to either 
> new project rules or social pressures later.
> 
> The best way to make sure you don't slip down the slippery slope is stay 
> somewhere flat.

Agreed.

IMO, it would make far more sense to only _consider_ the possibility of
requesting preemtive declaration of every possible conflict of interest
in some *very* specific situations (and have a very narrow list of such
important situations).

The only one that comes to *my* mind right now is the Project Leader and
candidates to the position.

I do expect people to declare _relevant_ conflicts of interest when
appropriate, for example a TC member when writing his position for a TC
*ruling* when there is a possibility of a conflict of interest related
to that that specific ruling.

A DD or DM doing typical packaging and bug-triaging work should not have
to do that very often at all.

Note that to explicitly declare relevant conflicts of interest is
actually a requirement of the Code of Conduct (and/or Code of Ethics) of
the IEEE [1], the ISOC [2], and many other professions and professional
organizations.  A great deal of the DDs are already under such codes and
abide by them, anyway.

And none of that requires (or even makes it a good idea, IMO) to have a
"register of possible conflicts of interest", optional or not.  Let's
not go there, or soon we will have misguided pressure to make it less
optional.


[1] https://www.ieee.org/about/corporate/governance/p7-8.html
7.8.2. to avoid real or perceived conflicts of interest whenever
possible, and to disclose them to affected parties when they do
exist;

[2] 
https://www.internetsociety.org/get-involved/join-community/individuals/code-conduct
(unnumbered) In the case of financial or material conflict between
personal and professional interests, or between two professional
interests, declare this conflict to all interested parties and if
appropriate in public.

-- 
  Henrique Holschuh

Re: Debian contributor Register of Interests

[Scott Kitterman]

On Wednesday, May 10, 2017 09:43:31 AM Julien Cristau wrote:
> On 05/10/2017 01:51 AM, Scott Kitterman wrote:
> > If this became a requirement, I'd have to terminate my relationship with
> > Debian.  These are frankly none of anyone's business.
> Sounds like you missed the "voluntary, opt-in" part?

These things always start that way.

Participation in Debian is voluntary, so saying information disclosure is 
voluntary doesn't really mean anything.

I object to the existence of such a registry because just because it's 
'voluntary' now, doesn't mean it won't be effectively mandatory due to either 
new project rules or social pressures later.

The best way to make sure you don't slip down the slippery slope is stay 
somewhere flat.

Scott K

Re: Debian contributor Register of Interests

[Jonathan Dowland]

On Tue, May 09, 2017 at 01:09:28PM +0100, Ian Jackson wrote:
> I think this is a good idea.

Thanks!

> It would be a good idea to make an annex, giving a list of kinds of
> "interest" that do not need to be mentioned; and ones that should be
> mentioned.

That sounds fine to me.

> Things that _are_ interests worthy of disclosure:

I'm not sure how to word it but I felt that it was appropriate to disclose that
I work for Red Hat (Even though I do not work on RHEL or Fedora), since Red Hat
produces something "similar" to Debian, or more specifically a third party
could hypothetically allude that it was in Red Hat's interests for Debian to
make a particular technical decision. (I didn't see this rationale on your list)

> I would like to settle the boundaries before we start populating the
> list.

I respect that, but I hope that those who are happy to add themselves to the
list as it stands are not dissuaded from doing so (in my view, I'd happily see
the shape of the list evolve and adapt my entry to fit as necessary).

> The list should have a date at which the user's entry was last
> updated and signed off by them as complete.

The former can be inferred from the wiki page history.

-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Debian contributor Register of Interests

[Dr. Bas Wijnen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, May 09, 2017 at 11:51:23PM +, Scott Kitterman wrote:
> On May 9, 2017 8:09:28 AM EDT, Ian Jackson  
> wrote:
> >Jonathan Dowland   wrote:
> >> However in the interests of transparency I feel that a voluntary,
> >> opt-in "Register of Interests" is a good idea for the project. I feel
> >> that such a list (populated) would demonstrate the transparency and
> >> openness that are part of our project's values.
> >
> >I think this is a good idea.
> 
> I think it's a horrible idea.  One of the major draws of Debian is that we
> are all here for our own reasons.  I don't judge your motivations and you
> don't judge nine.

It's voluntary, so you decide what you want to share.  If you don't want to
share anything, that's fine.

> If this became a requirement, I'd have to terminate my relationship with
> Debian.  These are frankly none of anyone's business.  

Nobody is suggesting that it would be a requirement.  But I disagree that we're
not allowed to know your motivations.  The NM process spends considerable time
to check that applicants agree with the project's philosophy.  If they do, we
can conclude that this will motivate them to work on Debian.  While also having
other motives is perfectly fine, we require people to have at least those
motives before we let them join the project.

> I've packaged software because a project I was being paid to work on needed
> it and I was able to convince them it made sense to put it in the Debian
> archive.

That's great, and as far as I'm concerned, just disclosing that you have been
paid for certain packages would be nice (but again, not doing it is also fine).
Whether or not it's relevant to mention who's paying is up to you.  I can
imagine that some companies would like to be mentioned, because they can use
that to show they are favorable to free software.  But if they don't wan't to
be mentioned, then don't mention them.

> If there were a case where I had an actual conflict of interest (e.g.
> recommending Debian spend funds with an organization that I had a financial
> interest in), that should be disclosed.  That's oddly missing from the list.

That's a good point, and while I agree it should be on the list, I don't think
it will have the effect you expect: this list is voluntary and therefore
incomplete.  People who intentionally misbehave aren't going to declare their
conflict of interest.  They wouldn't do that if they had to, either.

Finally, I'm not sure how useful this list would be, but I don't see a problem
in setting it up.  If someone makes good use of it, great.  If not, nothing is
lost.

Thanks,
Bas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJZEu4bAAoJEJzRfVgHwHE6bZAP/jm7P7v9kEazuuiQaUKnpMFc
yLW0Es6IalXmQVNJ/AHe4rwDMuC28CppECEejJVt4SiHkUclYMt++QzUWHLmNrCf
WraVuUGh27SMpnlacC0AxyDLXTtTGHHeA/0dwS/C4UHynRwTyVgIjuwwapwbofGi
IJqcUQlnAiVO7mzCLSZUTyEwxtY6kRjBx8QJ/0vd8lZ9+uh4nPtmq4+m3P0kziTb
A6vrTnJwUjLWbPhBsEbVtnTDcCK+fNcnNMjbXJYWIo8a13pJvZu6krtXGgoWLxmE
zImwySagYZC1XIxis1AV6exLYWCmHdJYvbvaBFk7Y2UielPntOV3ps+AflZmAoXX
Cy2+gAJAR8X5bzEqluHwvqA5V2YSMeDv6BKYBtUdoq3BSc7NcmfdTGXMCIkwrGPC
ylvlhMck015f/TW6BeqZOVeyV02/0zZRPLAZUAbB2dhV1c8CyctVnRCrZcPPQx1s
5F9eqlHqFQgLoVL/grLFYUYWnGbixQ4++Vy79ENV1GngvA7h9XJ5wNnI3owUgBYA
BuEJSljBj6YudqIrzO4QPwuMlsv2BaiI2c7U9WcvmbJnfbS2iMwHcfhPRbuI+DF4
xqb7cuvulHUZxrc2HCqktdg7GSfqFTaCPVDYZAvwakvvXThA9lUFYdjHDo/HaQX8
9Bo8P6pq3YEs6vqtABvC
=Fmz0
-END PGP SIGNATURE-

Re: Debian contributor Register of Interests

[Julien Cristau]

On 05/10/2017 01:51 AM, Scott Kitterman wrote:
> If this became a requirement, I'd have to terminate my relationship with 
> Debian.  These are frankly none of anyone's business.  
> 
Sounds like you missed the "voluntary, opt-in" part?

Cheers,
Julien