Re: Debian contributor Register of Interests

[Ian Jackson]

Paul Wise writes ("Re: Debian contributor Register of Interests"):
> Perhaps what we need is a a culture of awareness of our own personal
> potential conflicts of interest and guidelines for disclosure (where
> relevant) and examples of conduct that is not appropriate.

Yes.

> Personally, I disclose in the Sponsors section of my activity blog
> posts which aspects of my involvement in FLOSS were influenced by
> employers. I usually mention in bug reports when I've filed a bug
> because of issues experienced by employers. I haven't mentioned
> employers in commit logs or debian/changelog though.

I (usually[1]) use my work email address (eg, in signed-off-by) when I
make contributions which were driven by my employment.

Ian.

[1] Sometimes I fail to do so through oversight, or because I have to
work around busted work email systems.

Re: Debian contributor Register of Interests

[Ian Jackson]

Tollef Fog Heen writes ("Re: Debian contributor Register of Interests"):
 Ian Jackson :
> > From Debian's point of view: I think that anyone who takes prolonged
> > employment with an organisation which takes an active interest in
> > their Debian work, to the extent of taking an interest in what they
> > say about Debian and Free Software, ought to declare that.
> 
> My employer pays for me to go speak at Debconf.  I'm not sure if that
> passes that bar or not.

Certainly it does.  There are things you might reasonably say in a
Debconf talk, or topics that you might choose, that many employers
would object to.

It may be that there are no things you might feel like saying that
you think your employer would actually object to.  But of course that
depends on your assessment of your relationship with your employer.
People outside that relationship aren't privy to the conversations you
have with your management.  And they may have a different view about
your employer's overall trustworthiness than you do.

> > >  An example of what I do think could cause conflicts of interest is
> > > where I'm part of some community (free software or not) and my
> > > interest is in ensuring I have a good standing or status in that
> > > community and this colours judgements I make in Debian.
> > 
> > Most of the communities like that I am part of, are either
> > sufficiently remote from software that they wouldn't care, or are
> > themselves technology projects.
> > 
> > In the latter case, most of the information is already public.  It
> > would be impractical and pointless to ask everyone to collate it.
> 
> Isn't that what the wiki page is about?  Else, you're saying I should
> put nothing on there, since it's all public already.

I think we are still exploring the question of scope in this thread.

As I said earlier, I think substantial financial interests, including
employment in particular, are special.  (They may also, in general,
not already be public for everyone.)

Ian.

Re: Debian contributor Register of Interests

[Paul Wise]

On Tue, May 9, 2017 at 4:16 PM, Jonathan Dowland wrote:

> From time to time (usually during flamewars) the issue of potential conflicts
> of interests sometimes comes up in various places in our around our community.

Today while moderating screenshots.d.n I found what I consider to be a
conflict of interest. Someone uploaded a photograph of a screen
running a Debian package, with the logo of their employer printed on
the area surrounding the screen and the camera angled to include both
the screen and the logo. Since this was plainly advertising I've
rejected the screenshot. Subsequently I thought to search my mail for
this company and was surprised at the result. Consequently I contacted
the person I assume uploaded the screenshot and asked them to resubmit
without the logo.

I'm not sure if this register of interests helps or not but I hope the
Debian community will do better than the above in future.

Perhaps what we need is a a culture of awareness of our own personal
potential conflicts of interest and guidelines for disclosure (where
relevant) and examples of conduct that is not appropriate.

Personally, I disclose in the Sponsors section of my activity blog
posts which aspects of my involvement in FLOSS were influenced by
employers. I usually mention in bug reports when I've filed a bug
because of issues experienced by employers. I haven't mentioned
employers in commit logs or debian/changelog though.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Re: Debian contributor Register of Interests

[Tollef Fog Heen]

]] Ian Jackson 

> Tollef Fog Heen writes ("Re: Debian contributor Register of Interests"):
> > Indeed.  I also think there's a hang-up about financial conflicts of
> > interest in the discussion, but for at least me (and I suspect others),
> > money is a pretty weak motivator.  I generally have enough that it's
> > something I don't need to spend much mental energy on.
> 
> That makes sense.
> 
> But these things can change.  If you don't have enough money then it
> can be a very powerful motivator.  Worry about (say) losing one's job
> can be pretty significant.  For me, being employed to work on free
> software means an inevitable tension between the interests of my
> employer, and my own views.  Indeed such difficulties contributed to
> my need to depart from Canonical.

Absolutely, I'm not saying they can't be, just that they're not that
powerful motivators for everyone (and while I don't have data about it,
I know that IT generally pays ok to well, and the importance of money
goes down as you get more, so it's a reasonable conclusion).

> From Debian's point of view: I think that anyone who takes prolonged
> employment with an organisation which takes an active interest in
> their Debian work, to the extent of taking an interest in what they
> say about Debian and Free Software, ought to declare that.

My employer pays for me to go speak at Debconf.  I'm not sure if that
passes that bar or not.  (I've declared who they are in the context of
the CTTE, which I think is in a somewhat special situation when it comes
to being very clear about conflicts of interest.)

> >  An example of what I do think could cause conflicts of interest is
> > where I'm part of some community (free software or not) and my
> > interest is in ensuring I have a good standing or status in that
> > community and this colours judgements I make in Debian.
> 
> Most of the communities like that I am part of, are either
> sufficiently remote from software that they wouldn't care, or are
> themselves technology projects.
> 
> In the latter case, most of the information is already public.  It
> would be impractical and pointless to ask everyone to collate it.

Isn't that what the wiki page is about?  Else, you're saying I should
put nothing on there, since it's all public already.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Re: Debian contributor Register of Interests

[Ian Jackson]

Tollef Fog Heen writes ("Re: Debian contributor Register of Interests"):
> Indeed.  I also think there's a hang-up about financial conflicts of
> interest in the discussion, but for at least me (and I suspect others),
> money is a pretty weak motivator.  I generally have enough that it's
> something I don't need to spend much mental energy on.

That makes sense.

But these things can change.  If you don't have enough money then it
can be a very powerful motivator.  Worry about (say) losing one's job
can be pretty significant.  For me, being employed to work on free
software means an inevitable tension between the interests of my
employer, and my own views.  Indeed such difficulties contributed to
my need to depart from Canonical.

>From Debian's point of view: I think that anyone who takes prolonged
employment with an organisation which takes an active interest in
their Debian work, to the extent of taking an interest in what they
say about Debian and Free Software, ought to declare that.

Contracting is a bit different.  I wouldn't expect a contractor to
declare the names of all their clients.  OTOH if a client's scenario
motivated a particular software change, I would expect that to be
mentioned even if the name of the client is not.

The main reasons why money is different seem to me to be:

 * Money-related situations often involve significant power imbalances
   where the individual is subject to the opinions of a payer.

 * Money-related interactions are often kept secret.

>  An example of what I do think could cause conflicts of interest is
> where I'm part of some community (free software or not) and my
> interest is in ensuring I have a good standing or status in that
> community and this colours judgements I make in Debian.

Most of the communities like that I am part of, are either
sufficiently remote from software that they wouldn't care, or are
themselves technology projects.

In the latter case, most of the information is already public.  It
would be impractical and pointless to ask everyone to collate it.

I don't intend to declare my membership of political pressure groups
etc., unless I get appointed to lead one or made a political party's
election candidate, or something.  But those folks don't really have
an opinion about my Free Software work.

That I'm a GNU maintainer, upstream for various other programs, the
operator of chiark, and so on, is all public anyway.  A register of
interests ought not to be a list of everyone's software projects, nor
of all of their hobbies.

Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Re: Debian contributor Register of Interests

[Holger Levsen]

On Sun, May 14, 2017 at 08:08:09AM +0200, Tollef Fog Heen wrote:
> Indeed.  I also think there's a hang-up about financial conflicts of
> interest in the discussion, but for at least me (and I suspect others),
> money is a pretty weak motivator.  I generally have enough that it's
> something I don't need to spend much mental energy on.  An example of
> what I do think could cause conflicts of interest is where I'm part of
> some community (free software or not) and my interest is in ensuring I
> have a good standing or status in that community and this colours
> judgements I make in Debian.  I object to collecting all that
> information, though.  It would feel entirely too intrusive.
> 
> There's a question of what is a legitimate interest and what is not, and
> this might be worth exploring, but I suspect it all comes down to «it
> depends» and reasonableness tests.
[...]
> I think «geniunely acting as independent individuals» is a meaningless
> concept, since everything we do is coloured by the context we're in and
> that includes social relations.

totally (=+1 on all quoted). Also, motivation and interests change.

So, I'm sorry, but IMO this wiki page is a waste of time with misleading
results.

That said, have fun anyway but don't be surprised if the page stays pretty
empty and gets outdated fast.


-- 
cheers,
Holger


signature.asc
Description: Digital signature

Re: Debian contributor Register of Interests

[Tollef Fog Heen]

]] Didier 'OdyX' Raboud 

> Assuming a hypothetical Debian contributor with financial interests in
> a hotel business, part-time software engineer and affiliated to a
> political party: not all three connections matter in all Debian work,
> or discussions. The first might matter though iff people start
> considering paying for accomodation in hir hotel; the second might
> matter in a discussion about a piece of software they are paid to work
> on, and the latter might matter when discussing the Debian project's
> eventual reaction to a complicate situation somewhere in the
> world. But these only matter in specific discussions, not constantly.

Indeed.  I also think there's a hang-up about financial conflicts of
interest in the discussion, but for at least me (and I suspect others),
money is a pretty weak motivator.  I generally have enough that it's
something I don't need to spend much mental energy on.  An example of
what I do think could cause conflicts of interest is where I'm part of
some community (free software or not) and my interest is in ensuring I
have a good standing or status in that community and this colours
judgements I make in Debian.  I object to collecting all that
information, though.  It would feel entirely too intrusive.

There's a question of what is a legitimate interest and what is not, and
this might be worth exploring, but I suspect it all comes down to «it
depends» and reasonableness tests.

> Where I'm going to is that I feel we're much better in a situation
> where we don't load all our conversations with references to _all_ our
> "real-life" interests. It opens the floodgates to interpret any
> position under the light of these interests, neglecting the mere idea
> that for plenty (if not all) of Debian interactions, we are genuinely
> acting as independent individuals.

I think «geniunely acting as independent individuals» is a meaningless
concept, since everything we do is coloured by the context we're in and
that includes social relations.

> That said, I still think that there are situations in which declaring
> one's conflicts of interest _does_ matter, but I do expect the
> affected individual to either explcitly retract (or stay away) from
> the discussion, or declare the conflict of interest at that point.

I agree with this, if you do see a possible and reasonable conflict of
interest, declare it and discuss it.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Re: Debian contributor Register of Interests

[Nikolaus Rath]

On May 11 2017, Russ Allbery  wrote:
> Nikolaus Rath  writes:
>> On May 10 2017, Russ Allbery  wrote:
>
>>> and no conclusions should ever be drawn from it?
>
>> I don't think anyone has said that.
>
> Quoting from the originally proposed wiki page:
>
> | The following people have added themselves to this list. No-one should
> | assume that the presence or absence of a person from this list implies
> | any conflict of interest or misconduct within Debian.

I read that to mean that just because someone is listed on this page he
doesn't necessarily have a conflict of interest. But if you have a
specific issue in mind that you'd like to get resolved, you are welcome
to use the page to figure out who may have a conflict of interest and
take that into account.


Best,
-Nikolaus

-- 
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

 »Time flies like an arrow, fruit flies like a Banana.«

Re: Debian contributor Register of Interests

[Ian Jackson]

Didier 'OdyX' Raboud writes ("Re: Debian contributor Register of Interests"):
> That said, I still think that there are situations in which declaring one's 
> conflicts of interest _does_ matter, but I do expect the affected individual 
> to 
> either explcitly retract (or stay away) from the discussion, or declare the 
> conflict of interest at that point.

I try to always declare any conflict of interest I have (or may appear
to have) in a particular situation.  Where the interest is my
employer, I try to use my work email address (badness of email system
permitting).

Ian.

Re: Debian contributor Register of Interests

[Jonathan Dowland]

On Thu, May 11, 2017 at 10:10:39PM +0200, Philip Hands wrote:
> Also, I suspect that anyone that might be tempted to misbehave as a
> result of CoI will not have filled in their entry anyway, which makes me
> wonder what useful purpose this could serve beyond a virtue signalling
> opportunity.

I usually see "virtue signalling" used pejoratively but that accurately
describes my motivations, at least. The intention is simply transparency,
and some of the (limited) feedback I've seen from the wider Debian community
suggests that this has been well received in some quarters. Having said that,
I appreciate the robust discussion in this thread and there's definitely more
refinement to do.


-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Debian contributor Register of Interests

[Didier 'OdyX' Raboud]

Le mardi, 9 mai 2017, 09.16:21 h CEST Jonathan Dowland a écrit :
> However in the interests of transparency I feel that a voluntary, opt-in
> "Register of Interests" is a good idea for the project. I feel that such a
> list (populated) would demonstrate the transparency and openness that are
> part of our project's values.

I disagree that is is such a good idea, for a specific (and not yet mentionned) 
reason: conflicts of interest are _very_ much situational, _especially_ in the 
Debian context.

Assuming a hypothetical Debian contributor with financial interests in a hotel 
business, part-time software engineer and affiliated to a political party: not 
all three connections matter in all Debian work, or discussions. The first 
might matter though iff people start considering paying for accomodation in 
hir hotel; the second might matter in a discussion about a piece of software 
they are paid to work on, and the latter might matter when discussing the 
Debian project's eventual reaction to a complicate situation somewhere in the 
world. But these only matter in specific discussions, not constantly.

Where I'm going to is that I feel we're much better in a situation where we 
don't load all our conversations with references to _all_ our "real-life" 
interests. It opens the floodgates to interpret any position under the light of 
these interests, neglecting the mere idea that for plenty (if not all) of 
Debian interactions, we are genuinely acting as independent individuals.

That said, I still think that there are situations in which declaring one's 
conflicts of interest _does_ matter, but I do expect the affected individual to 
either explcitly retract (or stay away) from the discussion, or declare the 
conflict of interest at that point.

-- 
OdyX

Re: Debian contributor Register of Interests

[Charles Plessy]

Le Thu, May 11, 2017 at 10:10:39PM +0200, Philip Hands a écrit :
> 
> Also, I suspect that anyone that might be tempted to misbehave as a
> result of CoI will not have filled in their entry anyway, which makes me
> wonder what useful purpose this could serve beyond a virtue signalling
> opportunity.

Hi Philip and everybody,

Preventing misbehaviours is only one side of the issue.  Situations of
conflicts of interests also arise when the public, stakeholders,
colleagues, etc. may have strong feelings that a decision is biased,
which undermines the credibility of persons or decision-making bodies.
In this case, declarations of conflicts of interest leading to step aside
of a decision-making process protect people and institutions from
potentially harmful controversies.

This said, since the situations of conflict of interest arise in
specific contexts, I wonder if a broad list like the one of the wiki is
going to be meaningful, although it is a good exercise for people to
think about possible situations they may encounter in the future.  On
the other hand, I would welcome a more systematic declaration of
conflict of interests when some decisions with far-reaching consequences
on the project are being taken.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

Re: Debian contributor Register of Interests

[Philip Hands]

Russ Allbery  writes:

> Nikolaus Rath  writes:
>> On May 10 2017, Russ Allbery  wrote:
>
>>> and no conclusions should ever be drawn from it?
>
>> I don't think anyone has said that.
>
> Quoting from the originally proposed wiki page:
>
> | The following people have added themselves to this list. No-one should
> | assume that the presence or absence of a person from this list implies
> | any conflict of interest or misconduct within Debian.
>
> I'm agnostic on the merits of collecting this data -- I can see both
> sides.  But I think the above paragraph is unrealistic, and if we want
> that paragraph to be true, we should not gather the data in the first
> place.

Quite.

Also, I suspect that anyone that might be tempted to misbehave as a
result of CoI will not have filled in their entry anyway, which makes me
wonder what useful purpose this could serve beyond a virtue signalling
opportunity.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Debian contributor Register of Interests

[Russ Allbery]

Nikolaus Rath  writes:
> On May 10 2017, Russ Allbery  wrote:

>> and no conclusions should ever be drawn from it?

> I don't think anyone has said that.

Quoting from the originally proposed wiki page:

| The following people have added themselves to this list. No-one should
| assume that the presence or absence of a person from this list implies
| any conflict of interest or misconduct within Debian.

I'm agnostic on the merits of collecting this data -- I can see both
sides.  But I think the above paragraph is unrealistic, and if we want
that paragraph to be true, we should not gather the data in the first
place.

-- 
Russ Allbery (r...@debian.org)   

Re: Debian contributor Register of Interests

[Nikolaus Rath]

On May 10 2017, Russ Allbery  wrote:
> "Dr. Bas Wijnen"  writes:
>> On Tue, May 09, 2017 at 11:51:23PM +, Scott Kitterman wrote:
>
>>> I think it's a horrible idea.  One of the major draws of Debian is that
>>> we are all here for our own reasons.  I don't judge your motivations
>>> and you don't judge nine.
>
>> It's voluntary, so you decide what you want to share.  If you don't want to
>> share anything, that's fine.
>
> How is this meaningful if it's strictly voluntary

You can still use it to infer existence of COI, just not their absence.


> and no conclusions
> should ever be drawn from it?

I don't think anyone has said that.

Best,
-Nikolaus

-- 
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

 »Time flies like an arrow, fruit flies like a Banana.«

Re: Debian contributor Register of Interests

[Steve McIntyre]

On Thu, May 11, 2017 at 01:05:09PM +0100, Ian Jackson wrote:
>Jonathan Dowland writes ("Re: Debian contributor Register of Interests"):
>> 
>> I respect that, but I hope that those who are happy to add
>> themselves to the list as it stands are not dissuaded from doing so
>> (in my view, I'd happily see the shape of the list evolve and adapt
>> my entry to fit as necessary).
>
>Right.
>
>TBH I now think this may be too much work.  I guess I will just write
>my own entry and we can see how it evolves.

I've just added my details, and added an extra column for "Notes",
e.g. how the Interest might intersect with Debian.

>> > The list should have a date at which the user's entry was last
>> > updated and signed off by them as complete.
>> 
>> The former can be inferred from the wiki page history.
>
>Well, it's a bit awkward.  And it just shows you the last edit, not
>the last time the user themselves thought it was up to date.

We can check for the last edit by the person in question, which should
cover that I hope!

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"I used to be the first kid on the block wanting a cranial implant,
 now I want to be the first with a cranial firewall. " -- Charlie Stross

Re: Debian contributor Register of Interests

[Ian Jackson]

Jonathan Dowland writes ("Re: Debian contributor Register of Interests"):
> I'm not sure how to word it but I felt that it was appropriate to
> disclose that I work for Red Hat (Even though I do not work on RHEL
> or Fedora), since Red Hat produces something "similar" to Debian, or
> more specifically a third party could hypothetically allude that it
> was in Red Hat's interests for Debian to make a particular technical
> decision. (I didn't see this rationale on your list)

Yes.

I guess I missed out:

  * Being paid to work on free software more generally

> > I would like to settle the boundaries before we start populating the
> > list.
> 
> I respect that, but I hope that those who are happy to add
> themselves to the list as it stands are not dissuaded from doing so
> (in my view, I'd happily see the shape of the list evolve and adapt
> my entry to fit as necessary).

Right.

TBH I now think this may be too much work.  I guess I will just write
my own entry and we can see how it evolves.

> > The list should have a date at which the user's entry was last
> > updated and signed off by them as complete.
> 
> The former can be inferred from the wiki page history.

Well, it's a bit awkward.  And it just shows you the last edit, not
the last time the user themselves thought it was up to date.

Ian.

Re: Debian contributor Register of Interests

[Russ Allbery]

"Dr. Bas Wijnen"  writes:
> On Tue, May 09, 2017 at 11:51:23PM +, Scott Kitterman wrote:

>> I think it's a horrible idea.  One of the major draws of Debian is that
>> we are all here for our own reasons.  I don't judge your motivations
>> and you don't judge nine.

> It's voluntary, so you decide what you want to share.  If you don't want to
> share anything, that's fine.

How is this meaningful if it's strictly voluntary and no conclusions
should ever be drawn from it?

I'm personally reasonably comfortable with declaring conflicts, but then
mine are pretty simple and pose no complex ethical concerns.  I understand
Scott's concern: I see no way in which this would stay strictly voluntary
and meaningless if it were widely used.  One can say anything one likes on
the page about not drawing conclusions from the data, but if no one is
supposed to draw any conclusions, why are we collecting the data?

In practice, if lots of people fill this out, people *will* draw
conclusions about people who are missing, will exert social pressure for
people to fill this out in various situations, and will draw conclusions
from the data that's disclosed.  This is just human nature, and is only
logical.

If we don't want that to happen, we shouldn't collect the data in the
first place.

-- 
Russ Allbery (r...@debian.org)   

Re: Debian contributor Register of Interests

[Jonathan Dowland]

On Wed, May 10, 2017 at 11:55:33AM -0400, Scott Kitterman wrote:
> Participation in Debian is voluntary, so saying information disclosure is 
> voluntary doesn't really mean anything.

Evidently it does mean something, since here we are discussing it.

> I object to the existence of such a registry because just because it's 
> 'voluntary' now, doesn't mean it won't be effectively mandatory due to either 
> new project rules or social pressures later.

If you object to mandatory impositions, why are you advocating to mandate
preventing people such as I from declaring interest, if we so wish?

-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Debian contributor Register of Interests

[Henrique de Moraes Holschuh]

On Wed, 10 May 2017, Scott Kitterman wrote:
> On Wednesday, May 10, 2017 09:43:31 AM Julien Cristau wrote:
> > On 05/10/2017 01:51 AM, Scott Kitterman wrote:
> > > If this became a requirement, I'd have to terminate my relationship with
> > > Debian.  These are frankly none of anyone's business.
> > Sounds like you missed the "voluntary, opt-in" part?
> 
> These things always start that way.
> 
> Participation in Debian is voluntary, so saying information disclosure is 
> voluntary doesn't really mean anything.
> 
> I object to the existence of such a registry because just because it's 
> 'voluntary' now, doesn't mean it won't be effectively mandatory due to either 
> new project rules or social pressures later.
> 
> The best way to make sure you don't slip down the slippery slope is stay 
> somewhere flat.

Agreed.

IMO, it would make far more sense to only _consider_ the possibility of
requesting preemtive declaration of every possible conflict of interest
in some *very* specific situations (and have a very narrow list of such
important situations).

The only one that comes to *my* mind right now is the Project Leader and
candidates to the position.

I do expect people to declare _relevant_ conflicts of interest when
appropriate, for example a TC member when writing his position for a TC
*ruling* when there is a possibility of a conflict of interest related
to that that specific ruling.

A DD or DM doing typical packaging and bug-triaging work should not have
to do that very often at all.

Note that to explicitly declare relevant conflicts of interest is
actually a requirement of the Code of Conduct (and/or Code of Ethics) of
the IEEE [1], the ISOC [2], and many other professions and professional
organizations.  A great deal of the DDs are already under such codes and
abide by them, anyway.

And none of that requires (or even makes it a good idea, IMO) to have a
"register of possible conflicts of interest", optional or not.  Let's
not go there, or soon we will have misguided pressure to make it less
optional.


[1] https://www.ieee.org/about/corporate/governance/p7-8.html
7.8.2. to avoid real or perceived conflicts of interest whenever
possible, and to disclose them to affected parties when they do
exist;

[2] 
https://www.internetsociety.org/get-involved/join-community/individuals/code-conduct
(unnumbered) In the case of financial or material conflict between
personal and professional interests, or between two professional
interests, declare this conflict to all interested parties and if
appropriate in public.

-- 
  Henrique Holschuh

Re: Debian contributor Register of Interests

[Scott Kitterman]

On Wednesday, May 10, 2017 09:43:31 AM Julien Cristau wrote:
> On 05/10/2017 01:51 AM, Scott Kitterman wrote:
> > If this became a requirement, I'd have to terminate my relationship with
> > Debian.  These are frankly none of anyone's business.
> Sounds like you missed the "voluntary, opt-in" part?

These things always start that way.

Participation in Debian is voluntary, so saying information disclosure is 
voluntary doesn't really mean anything.

I object to the existence of such a registry because just because it's 
'voluntary' now, doesn't mean it won't be effectively mandatory due to either 
new project rules or social pressures later.

The best way to make sure you don't slip down the slippery slope is stay 
somewhere flat.

Scott K

Re: Debian contributor Register of Interests

[Jonathan Dowland]

On Tue, May 09, 2017 at 01:09:28PM +0100, Ian Jackson wrote:
> I think this is a good idea.

Thanks!

> It would be a good idea to make an annex, giving a list of kinds of
> "interest" that do not need to be mentioned; and ones that should be
> mentioned.

That sounds fine to me.

> Things that _are_ interests worthy of disclosure:

I'm not sure how to word it but I felt that it was appropriate to disclose that
I work for Red Hat (Even though I do not work on RHEL or Fedora), since Red Hat
produces something "similar" to Debian, or more specifically a third party
could hypothetically allude that it was in Red Hat's interests for Debian to
make a particular technical decision. (I didn't see this rationale on your list)

> I would like to settle the boundaries before we start populating the
> list.

I respect that, but I hope that those who are happy to add themselves to the
list as it stands are not dissuaded from doing so (in my view, I'd happily see
the shape of the list evolve and adapt my entry to fit as necessary).

> The list should have a date at which the user's entry was last
> updated and signed off by them as complete.

The former can be inferred from the wiki page history.

-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Debian contributor Register of Interests

[Dr. Bas Wijnen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, May 09, 2017 at 11:51:23PM +, Scott Kitterman wrote:
> On May 9, 2017 8:09:28 AM EDT, Ian Jackson  
> wrote:
> >Jonathan Dowland   wrote:
> >> However in the interests of transparency I feel that a voluntary,
> >> opt-in "Register of Interests" is a good idea for the project. I feel
> >> that such a list (populated) would demonstrate the transparency and
> >> openness that are part of our project's values.
> >
> >I think this is a good idea.
> 
> I think it's a horrible idea.  One of the major draws of Debian is that we
> are all here for our own reasons.  I don't judge your motivations and you
> don't judge nine.

It's voluntary, so you decide what you want to share.  If you don't want to
share anything, that's fine.

> If this became a requirement, I'd have to terminate my relationship with
> Debian.  These are frankly none of anyone's business.  

Nobody is suggesting that it would be a requirement.  But I disagree that we're
not allowed to know your motivations.  The NM process spends considerable time
to check that applicants agree with the project's philosophy.  If they do, we
can conclude that this will motivate them to work on Debian.  While also having
other motives is perfectly fine, we require people to have at least those
motives before we let them join the project.

> I've packaged software because a project I was being paid to work on needed
> it and I was able to convince them it made sense to put it in the Debian
> archive.

That's great, and as far as I'm concerned, just disclosing that you have been
paid for certain packages would be nice (but again, not doing it is also fine).
Whether or not it's relevant to mention who's paying is up to you.  I can
imagine that some companies would like to be mentioned, because they can use
that to show they are favorable to free software.  But if they don't wan't to
be mentioned, then don't mention them.

> If there were a case where I had an actual conflict of interest (e.g.
> recommending Debian spend funds with an organization that I had a financial
> interest in), that should be disclosed.  That's oddly missing from the list.

That's a good point, and while I agree it should be on the list, I don't think
it will have the effect you expect: this list is voluntary and therefore
incomplete.  People who intentionally misbehave aren't going to declare their
conflict of interest.  They wouldn't do that if they had to, either.

Finally, I'm not sure how useful this list would be, but I don't see a problem
in setting it up.  If someone makes good use of it, great.  If not, nothing is
lost.

Thanks,
Bas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJZEu4bAAoJEJzRfVgHwHE6bZAP/jm7P7v9kEazuuiQaUKnpMFc
yLW0Es6IalXmQVNJ/AHe4rwDMuC28CppECEejJVt4SiHkUclYMt++QzUWHLmNrCf
WraVuUGh27SMpnlacC0AxyDLXTtTGHHeA/0dwS/C4UHynRwTyVgIjuwwapwbofGi
IJqcUQlnAiVO7mzCLSZUTyEwxtY6kRjBx8QJ/0vd8lZ9+uh4nPtmq4+m3P0kziTb
A6vrTnJwUjLWbPhBsEbVtnTDcCK+fNcnNMjbXJYWIo8a13pJvZu6krtXGgoWLxmE
zImwySagYZC1XIxis1AV6exLYWCmHdJYvbvaBFk7Y2UielPntOV3ps+AflZmAoXX
Cy2+gAJAR8X5bzEqluHwvqA5V2YSMeDv6BKYBtUdoq3BSc7NcmfdTGXMCIkwrGPC
ylvlhMck015f/TW6BeqZOVeyV02/0zZRPLAZUAbB2dhV1c8CyctVnRCrZcPPQx1s
5F9eqlHqFQgLoVL/grLFYUYWnGbixQ4++Vy79ENV1GngvA7h9XJ5wNnI3owUgBYA
BuEJSljBj6YudqIrzO4QPwuMlsv2BaiI2c7U9WcvmbJnfbS2iMwHcfhPRbuI+DF4
xqb7cuvulHUZxrc2HCqktdg7GSfqFTaCPVDYZAvwakvvXThA9lUFYdjHDo/HaQX8
9Bo8P6pq3YEs6vqtABvC
=Fmz0
-END PGP SIGNATURE-

Re: Debian contributor Register of Interests

[Julien Cristau]

On 05/10/2017 01:51 AM, Scott Kitterman wrote:
> If this became a requirement, I'd have to terminate my relationship with 
> Debian.  These are frankly none of anyone's business.  
> 
Sounds like you missed the "voluntary, opt-in" part?

Cheers,
Julien

Re: Debian contributor Register of Interests

[Scott Kitterman]

On May 9, 2017 8:09:28 AM EDT, Ian Jackson  
wrote:
>Jonathan Dowland   wrote:
>> However in the interests of transparency I feel that a voluntary,
>> opt-in "Register of Interests" is a good idea for the project. I feel
>> that such a list (populated) would demonstrate the transparency and
>> openness that are part of our project's values.
>
>I think this is a good idea.

I think it's a horrible idea.  One of the major draws of Debian is that we are 
all here for our own reasons.  I don't judge your motivations and you don't 
judge nine.

>>> This is a voluntary, opt-in register of Debian contributor's
>"Interests"
>>> (such as: employer).
>
>It would be a good idea to make an annex, giving a list of kinds of
>"interest" that do not need to be mentioned; and ones that should be
>mentioned.
>
>Things that are _not_ interests worthy of disclosure:
>
>  * Holding positions of responsibility within the Debian project,
>or a Debian Trusted Organisation
>
>  * Involvement with political parties (even ones focusing on
>technology or information rights)
>
>  * Using Debian or one of its derivatives, on one's personal
>systems
>
>  * Holding positions of responsibility in Free Software projects,
>other than positions of financial responsibility for projects with
>assets or annual income of more than Eur1,000.
>
>  * Mere membership of charities, pressure groups, industry
>associations, etc.
>
>Things that _are_ interests worthy of disclosure:
>
>  * Being paid to work on Debian
>
>  * Being paid to work on hardware that Debian runs on or might run on
>
>  * Being in a position of influence or authority regarding technology
>purchasing decisions.  Exceptions: your own personal purchasing
>and that of your household and your friends; Debian and Debian's
>TOs.; spends of less than Eur1,000 per year.
>
>  * Holding a formal position of influence or authority in charities,
>pressure groups or industry associations which relate to software
>or computing hardware, information rights, or state-granted
>information monopolies ("intellectual property").
>
>I would like to settle the boundaries before we start populating the
>list.
>
>>> || '''User''' || '''Interest''' || '''From''' || '''Until''' ||
>>> || JonDowland || Red Hat || 2015 || - ||
>
>The list should have a date at which the user's entry was last
>updated and signed off by them as complete.
>
>Ian.

If this became a requirement, I'd have to terminate my relationship with 
Debian.  These are frankly none of anyone's business.  

I've packaged software because a project I was being paid to work on needed it 
and I was able to convince them it made sense to put it in the Debian archive.

The client is private and will remain so.  All rules like the above will 
accomplish is me spending time on working on things for such clients in private 
rather than in the Debian archive.

If there were a case where I had an actual conflict of interest (e.g. 
recommending Debian spend funds with an organization that I had a financial 
interest in), that should be disclosed.  That's oddly missing from the list.

Scott K

Re: Debian contributor Register of Interests

[Luca Filipozzi]

On Tue, May 09, 2017 at 01:09:28PM +0100, Ian Jackson wrote:
> Jonathan Dowland   wrote:
> > However in the interests of transparency I feel that a voluntary,
> > opt-in "Register of Interests" is a good idea for the project. I feel
> > that such a list (populated) would demonstrate the transparency and
> > openness that are part of our project's values.
> 
> I think this is a good idea.

AOL

> >> This is a voluntary, opt-in register of Debian contributor's "Interests"
> >> (such as: employer).
> 
> It would be a good idea to make an annex, giving a list of kinds of
> "interest" that do not need to be mentioned; and ones that should be
> mentioned.
> 
> Things that are _not_ interests worthy of disclosure:
> 
>   * Holding positions of responsibility within the Debian project,
> or a Debian Trusted Organisation

Arguably, holding a position of responsibility within the Debian project or a
Debian Trusted Organization is what might trigger the completion of a CoI form.

>   * Involvement with political parties (even ones focusing on
> technology or information rights)
> 
>   * Using Debian or one of its derivatives, on one's personal
> systems
> 
>   * Holding positions of responsibility in Free Software projects,
> other than positions of financial responsibility for projects with
> assets or annual income of more than Eur1,000.
> 
>   * Mere membership of charities, pressure groups, industry
> associations, etc.
> 
> Things that _are_ interests worthy of disclosure:
> 
>   * Being paid to work on Debian
> 
>   * Being paid to work on hardware that Debian runs on or might run on
> 
>   * Being in a position of influence or authority regarding technology
> purchasing decisions.  Exceptions: your own personal purchasing
> and that of your household and your friends; Debian and Debian's
> TOs.; spends of less than Eur1,000 per year.
> 
>   * Holding a formal position of influence or authority in charities,
> pressure groups or industry associations which relate to software
> or computing hardware, information rights, or state-granted
> information monopolies ("intellectual property").
> 
> I would like to settle the boundaries before we start populating the
> list.

Fully agree.

> >> || '''User''' || '''Interest''' || '''From''' || '''Until''' ||
> >> || JonDowland || Red Hat || 2015 || - ||
> 
> The list should have a date at which the user's entry was last
> updated and signed off by them as complete.

Just as delegations are meant to be refreshed annually, I wonder whether CoIs
should be refreshed annually.

Also, perhaps the CoI 'form' should be an email template that submitters
complete and mail somewhere (GPG-signed). This 'somewhere' could be presented
in a list on some webpage or other. I'm not solutioning, here. I'm questioning
whether we want the non-repudiation that a GPG-signed email provides (or
similar mechanism).

Thanks,

Luca

-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian

Re: Debian contributor Register of Interests

[Ian Jackson]

Jonathan Dowland   wrote:
> However in the interests of transparency I feel that a voluntary,
> opt-in "Register of Interests" is a good idea for the project. I feel
> that such a list (populated) would demonstrate the transparency and
> openness that are part of our project's values.

I think this is a good idea.

>> This is a voluntary, opt-in register of Debian contributor's "Interests"
>> (such as: employer).

It would be a good idea to make an annex, giving a list of kinds of
"interest" that do not need to be mentioned; and ones that should be
mentioned.

Things that are _not_ interests worthy of disclosure:

  * Holding positions of responsibility within the Debian project,
or a Debian Trusted Organisation

  * Involvement with political parties (even ones focusing on
technology or information rights)

  * Using Debian or one of its derivatives, on one's personal
systems

  * Holding positions of responsibility in Free Software projects,
other than positions of financial responsibility for projects with
assets or annual income of more than Eur1,000.

  * Mere membership of charities, pressure groups, industry
associations, etc.

Things that _are_ interests worthy of disclosure:

  * Being paid to work on Debian

  * Being paid to work on hardware that Debian runs on or might run on

  * Being in a position of influence or authority regarding technology
purchasing decisions.  Exceptions: your own personal purchasing
and that of your household and your friends; Debian and Debian's
TOs.; spends of less than Eur1,000 per year.

  * Holding a formal position of influence or authority in charities,
pressure groups or industry associations which relate to software
or computing hardware, information rights, or state-granted
information monopolies ("intellectual property").

I would like to settle the boundaries before we start populating the
list.

>> || '''User''' || '''Interest''' || '''From''' || '''Until''' ||
>> || JonDowland || Red Hat || 2015 || - ||

The list should have a date at which the user's entry was last
updated and signed off by them as complete.

Ian.

Re: Debian contributor Register of Interests

[Jonathan Dowland]

On Tue, May 09, 2017 at 09:16:21AM +0100, Jonathan Dowland wrote:
> To that end I sat down just now to create it. Unfortunately wiki.d.o appears
> to have died whilst I was doing so.

Here's the wiki page : https://wiki.debian.org/RegisterOfInterests

Debian contributor Register of Interests

[Jonathan Dowland]

Hi all,

>From time to time (usually during flamewars) the issue of potential conflicts
of interests sometimes comes up in various places in our around our community.

I wish to first state that I have never felt that any Debian contributor that
I know has ever acted against the best interests of the project. I have no
personal concerns about conflicts of interest with any of my Debian colleagues.

However in the interests of transparency I feel that a voluntary, opt-in
"Register of Interests" is a good idea for the project. I feel that such a list
(populated) would demonstrate the transparency and openness that are part of
our project's values.

To that end I sat down just now to create it. Unfortunately wiki.d.o appears
to have died whilst I was doing so. Here's the wiki text that I will be
submitting at my next opportunity:

> This is a voluntary, opt-in register of Debian contributor's "Interests"
> (such as: employer).
>
> On occasion the issue of a conflict of interest is raised within the project,
> especially around topics with many differing or passionate views. The
> intention of this list is for those who agree to clearly indicate any
> potential "Interest" that they may have, for transparency.
>
> The following people have added themselves to this list. No-one should assume
> that the presence or absence of a person from this list implies any conflict
> of interest or misconduct within Debian.
>
> || '''User''' || '''Interest''' || '''From''' || '''Until''' ||
> || JonDowland || Red Hat || 2015 || - ||



-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.