Re: Tidelift
Another thing I would be interested in: Is Tidelift continuing with the practice to select which projects are worth providing support for? Just asking, because we don’t just have the big projects everyone knows, but also a load of small ones. My experience with trying to get PLC4X listed with Tidelift was catastrophic. Chris From: Jarek Potiuk Date: Sunday, 6. November 2022 at 22:41 To: dev@community.apache.org Subject: Re: Tidelift Yep. That's one of the main "DON'Ts" that are going to be there. On Tue, Nov 1, 2022 at 9:03 AM Bertrand Delacretaz wrote: > Ralph Goers wrote: > > ...I personally have no problem having a project support page > > that lists the individuals who accept GitHub sponsorships. Likewise I > > think it would be OK to list the people who are accepting sponsorship > from > > Tidelift > > +1, and IMO such pages should include a disclaimer that there's no > guarantee that the contributions of sponsored committers will be > accepted by the project, like at [1] maybe. > > That's obvious for ASF community members, but maybe not for their sponsors. > > -Bertrand > > [1] https://community.apache.org/committers/funding-disclaimer.html > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > >
Re: Tidelift
Yep. That's one of the main "DON'Ts" that are going to be there. On Tue, Nov 1, 2022 at 9:03 AM Bertrand Delacretaz wrote: > Ralph Goers wrote: > > ...I personally have no problem having a project support page > > that lists the individuals who accept GitHub sponsorships. Likewise I > > think it would be OK to list the people who are accepting sponsorship > from > > Tidelift > > +1, and IMO such pages should include a disclaimer that there's no > guarantee that the contributions of sponsored committers will be > accepted by the project, like at [1] maybe. > > That's obvious for ASF community members, but maybe not for their sponsors. > > -Bertrand > > [1] https://community.apache.org/committers/funding-disclaimer.html > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > >
Re: Tidelift
Ralph Goers wrote: > ...I personally have no problem having a project support page > that lists the individuals who accept GitHub sponsorships. Likewise I > think it would be OK to list the people who are accepting sponsorship from > Tidelift +1, and IMO such pages should include a disclaimer that there's no guarantee that the contributions of sponsored committers will be accepted by the project, like at [1] maybe. That's obvious for ASF community members, but maybe not for their sponsors. -Bertrand [1] https://community.apache.org/committers/funding-disclaimer.html - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
(PMC of Apache projects I mean of course) On Mon, Oct 31, 2022 at 11:11 PM Jarek Potiuk wrote: > > Since you wanted to have a smooth and nice cooperation - as a > courtesy, Is it possible that you explicitly put ASF there and > obligations that are not valid (especially when you reach out to PMCs > of Airflow projects)? > > I think otherwise it puts too much responsibility on individuals to > check what their organisations are ok with. It puts them in a bit of > an awkward position where something is "required" but "not really". > > This might also lead to a number of legal questions from those people > (very few people read past legal issues and discussions in JIRA) which > we want to avoid. > Also some people might not realise that their organisations are not > aware of the requirements and they might accidentally break those. > > A bit of context here why I am interested and discussing it. It's not > that I am arguing against Tidelift or anything like that. I am just > very transparent and try to get this whole cooperation between > contributors and stakeholders hashed out and defined in simple and > straightforward terms that are beneficial for the Foundation. > > The good of ASF, its longevity, values, and vendor-neutrality is an > absolute key for me and top priority. > > So I wanted to make sure that what we will come up, will be completely > neutral and that many, many 3rd-parties like tidelift can make use of > it - equally. > > Over the last few months I've been thinking, discussing and drafting > with a number of people and organisations (and lawyers of mine) a > missing piece in the puzzle. Likely soon I will make a proposal to > legal/board and comms about having a simple page for > "contributor/stakeholder" relationships, where the ASF will actually > explicitly provide some DOs/DOnts and looser guidelines for such a > cooperation (the above will be one of DON'T). When/If it happens - we > will propose and discuss it here, at legal-discuss and finally if that > succeeds - it might be presented to the board. > > Would that help if you have such a page and explicitly refer to it in > case of ASF and you could refer to it explicitly ? > > J. > > > On Mon, Oct 31, 2022 at 10:41 PM Ralph Goers > wrote: > > > > The wording now basically says that anything listed as an obligation can > > be ignored if it conflicts with your organization’s policy requirements. So > > that should make it possible for individuals to agree to work with Tidelift > > without the PMC agreeing to anything. > > > > That said, I personally have no problem having a project support page > > that lists the individuals who accept GitHub sponsorships. Likewise I > > think it would be OK to list the people who are accepting sponsorship from > > Tidelift. But it is not a requirement on a project to do either of these > > things. > > > > Ralph > > > > > > > > > On Oct 31, 2022, at 1:47 PM, Jarek Potiuk wrote: > > > > > > I think the door was always open to work with Tidelift by the individuals. > > > This has never been a problem (and recruiting individual PMC members > > > by you was never a problem either). > > > > > > However, yes, I do have a question now. I am actually - as a PMC > > > member of Apache Airflow interested. You have one of your customers > > > here, actually :). > > > > > > The statement in your document is a bit vague and seems to workaround > > > the original problem a bit. > > > > > > 1) Are you going to ask the individuals in your contract to put the > > > logo of Tidelift on the project's website / github project etc. (in > > > what form) ? > > > 2) Or will you ask them so that they personally as individuals mention > > > they are sponsored by Tidelift ? > > > > > > The former is still not good for ASF IMHO (nothing changed), the > > > latter has always been good (nothing changed either). > > > > > > So for me it looks like nothing has changed, you just stopped > > > requiring individuals to mention Tidelift in the PMC docs (this was > > > the original problem)? > > > > > > Is my understanding correct? > > > > > > Let's take Apache Airflow. What would be a requirement if you want to > > > work with me? > > > > > > And yes - I am perfectly fine to discuss it in public - transparency > > > is super important to me and I always disclose what is the scope and > > > requirements of cooperation I do on open-source (I th
Re: Tidelift
Since you wanted to have a smooth and nice cooperation - as a courtesy, Is it possible that you explicitly put ASF there and obligations that are not valid (especially when you reach out to PMCs of Airflow projects)? I think otherwise it puts too much responsibility on individuals to check what their organisations are ok with. It puts them in a bit of an awkward position where something is "required" but "not really". This might also lead to a number of legal questions from those people (very few people read past legal issues and discussions in JIRA) which we want to avoid. Also some people might not realise that their organisations are not aware of the requirements and they might accidentally break those. A bit of context here why I am interested and discussing it. It's not that I am arguing against Tidelift or anything like that. I am just very transparent and try to get this whole cooperation between contributors and stakeholders hashed out and defined in simple and straightforward terms that are beneficial for the Foundation. The good of ASF, its longevity, values, and vendor-neutrality is an absolute key for me and top priority. So I wanted to make sure that what we will come up, will be completely neutral and that many, many 3rd-parties like tidelift can make use of it - equally. Over the last few months I've been thinking, discussing and drafting with a number of people and organisations (and lawyers of mine) a missing piece in the puzzle. Likely soon I will make a proposal to legal/board and comms about having a simple page for "contributor/stakeholder" relationships, where the ASF will actually explicitly provide some DOs/DOnts and looser guidelines for such a cooperation (the above will be one of DON'T). When/If it happens - we will propose and discuss it here, at legal-discuss and finally if that succeeds - it might be presented to the board. Would that help if you have such a page and explicitly refer to it in case of ASF and you could refer to it explicitly ? J. On Mon, Oct 31, 2022 at 10:41 PM Ralph Goers wrote: > > The wording now basically says that anything listed as an obligation can > be ignored if it conflicts with your organization’s policy requirements. So > that should make it possible for individuals to agree to work with Tidelift > without the PMC agreeing to anything. > > That said, I personally have no problem having a project support page > that lists the individuals who accept GitHub sponsorships. Likewise I > think it would be OK to list the people who are accepting sponsorship from > Tidelift. But it is not a requirement on a project to do either of these > things. > > Ralph > > > > > On Oct 31, 2022, at 1:47 PM, Jarek Potiuk wrote: > > > > I think the door was always open to work with Tidelift by the individuals. > > This has never been a problem (and recruiting individual PMC members > > by you was never a problem either). > > > > However, yes, I do have a question now. I am actually - as a PMC > > member of Apache Airflow interested. You have one of your customers > > here, actually :). > > > > The statement in your document is a bit vague and seems to workaround > > the original problem a bit. > > > > 1) Are you going to ask the individuals in your contract to put the > > logo of Tidelift on the project's website / github project etc. (in > > what form) ? > > 2) Or will you ask them so that they personally as individuals mention > > they are sponsored by Tidelift ? > > > > The former is still not good for ASF IMHO (nothing changed), the > > latter has always been good (nothing changed either). > > > > So for me it looks like nothing has changed, you just stopped > > requiring individuals to mention Tidelift in the PMC docs (this was > > the original problem)? > > > > Is my understanding correct? > > > > Let's take Apache Airflow. What would be a requirement if you want to > > work with me? > > > > And yes - I am perfectly fine to discuss it in public - transparency > > is super important to me and I always disclose what is the scope and > > requirements of cooperation I do on open-source (I think this is > > crucial in the OSS contracts). > > > > J. > > > > On Mon, Oct 31, 2022 at 7:42 PM Joshua Simmons > > wrote: > >> > >> Hi Jarek, > >> > >>> I have a question - what exactly do you expect here? What is your ask and > >>> proposal ? I read the docs and I have not found any action that I or > >> anyone > >>> else here could take here - (possibly that's why you did not get any > >>> response) - I looked at it several days ago but I
Re: Tidelift
The wording now basically says that anything listed as an obligation can be ignored if it conflicts with your organization’s policy requirements. So that should make it possible for individuals to agree to work with Tidelift without the PMC agreeing to anything. That said, I personally have no problem having a project support page that lists the individuals who accept GitHub sponsorships. Likewise I think it would be OK to list the people who are accepting sponsorship from Tidelift. But it is not a requirement on a project to do either of these things. Ralph > On Oct 31, 2022, at 1:47 PM, Jarek Potiuk wrote: > > I think the door was always open to work with Tidelift by the individuals. > This has never been a problem (and recruiting individual PMC members > by you was never a problem either). > > However, yes, I do have a question now. I am actually - as a PMC > member of Apache Airflow interested. You have one of your customers > here, actually :). > > The statement in your document is a bit vague and seems to workaround > the original problem a bit. > > 1) Are you going to ask the individuals in your contract to put the > logo of Tidelift on the project's website / github project etc. (in > what form) ? > 2) Or will you ask them so that they personally as individuals mention > they are sponsored by Tidelift ? > > The former is still not good for ASF IMHO (nothing changed), the > latter has always been good (nothing changed either). > > So for me it looks like nothing has changed, you just stopped > requiring individuals to mention Tidelift in the PMC docs (this was > the original problem)? > > Is my understanding correct? > > Let's take Apache Airflow. What would be a requirement if you want to > work with me? > > And yes - I am perfectly fine to discuss it in public - transparency > is super important to me and I always disclose what is the scope and > requirements of cooperation I do on open-source (I think this is > crucial in the OSS contracts). > > J. > > On Mon, Oct 31, 2022 at 7:42 PM Joshua Simmons > wrote: >> >> Hi Jarek, >> >>> I have a question - what exactly do you expect here? What is your ask and >>> proposal ? I read the docs and I have not found any action that I or >> anyone >>> else here could take here - (possibly that's why you did not get any >>> response) - I looked at it several days ago but I could not find anything >> I >>> could do for one. Now, the message popped up in my reminder and I see I >> was >>> not the only one. >> >> Oh, thank you for asking the question. I could have been more clear! >> >> No action requested or response expected, I sent this follow up as a >> courtesy to the community since it generated so much conversation across >> multiple mailing lists (including this one) back in the January-March time >> frame :o) >> >> That being said, any project committers or PMC members who want to explore >> working with Tidelift to underwrite their work: the door is now open! Our >> subscribers use over 1000 org.apache namespace packages, which means income >> is available for every one of those. Folks who are interested should >> discuss with fellow PMC members and are welcome to reach out to me. >> >> I'll be proactively reaching out to some PMCs, but I want to be respectful >> and not gum up this mailing list with recruitment efforts. >> >> If folks have questions or concerns, I'm here to help! >> >> Cheers, >> Josh >> >> Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift >> <https://tidelift.com/> >> @joshsimmons <https://twitter.com/joshsimmons> | @josh:josh.tel >> <https://josh.tel/@josh> | bluesomewhere on IRC >> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar >> ad astra per aspera 🚀 >> >> >> On Sun, Oct 30, 2022 at 5:50 PM Jarek Potiuk wrote: >> >>> I have a question - what exactly do you expect here? What is your ask and >>> proposal ? I read the docs and I have not found any action that I or anyone >>> else here could take here - (possibly that's why you did not get any >>> response) - I looked at it several days ago but I could not find anything I >>> could do for one. Now, the message popped up in my reminder and I see I was >>> not the only one. >>> >>> J. >>> >>> On Thu, Oct 20, 2022 at 8:06 PM Joshua Simmons < >>> joshua.simm...@tidelift.com> >>> wrote: >>> >>>> Hi folks, I wanted to follow up on this thread to
Re: Tidelift
I think the door was always open to work with Tidelift by the individuals. This has never been a problem (and recruiting individual PMC members by you was never a problem either). However, yes, I do have a question now. I am actually - as a PMC member of Apache Airflow interested. You have one of your customers here, actually :). The statement in your document is a bit vague and seems to workaround the original problem a bit. 1) Are you going to ask the individuals in your contract to put the logo of Tidelift on the project's website / github project etc. (in what form) ? 2) Or will you ask them so that they personally as individuals mention they are sponsored by Tidelift ? The former is still not good for ASF IMHO (nothing changed), the latter has always been good (nothing changed either). So for me it looks like nothing has changed, you just stopped requiring individuals to mention Tidelift in the PMC docs (this was the original problem)? Is my understanding correct? Let's take Apache Airflow. What would be a requirement if you want to work with me? And yes - I am perfectly fine to discuss it in public - transparency is super important to me and I always disclose what is the scope and requirements of cooperation I do on open-source (I think this is crucial in the OSS contracts). J. On Mon, Oct 31, 2022 at 7:42 PM Joshua Simmons wrote: > > Hi Jarek, > > > I have a question - what exactly do you expect here? What is your ask and > > proposal ? I read the docs and I have not found any action that I or > anyone > > else here could take here - (possibly that's why you did not get any > > response) - I looked at it several days ago but I could not find anything > I > > could do for one. Now, the message popped up in my reminder and I see I > was > > not the only one. > > Oh, thank you for asking the question. I could have been more clear! > > No action requested or response expected, I sent this follow up as a > courtesy to the community since it generated so much conversation across > multiple mailing lists (including this one) back in the January-March time > frame :o) > > That being said, any project committers or PMC members who want to explore > working with Tidelift to underwrite their work: the door is now open! Our > subscribers use over 1000 org.apache namespace packages, which means income > is available for every one of those. Folks who are interested should > discuss with fellow PMC members and are welcome to reach out to me. > > I'll be proactively reaching out to some PMCs, but I want to be respectful > and not gum up this mailing list with recruitment efforts. > > If folks have questions or concerns, I'm here to help! > > Cheers, > Josh > > Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift > <https://tidelift.com/> > @joshsimmons <https://twitter.com/joshsimmons> | @josh:josh.tel > <https://josh.tel/@josh> | bluesomewhere on IRC > TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar > ad astra per aspera 🚀 > > > On Sun, Oct 30, 2022 at 5:50 PM Jarek Potiuk wrote: > > > I have a question - what exactly do you expect here? What is your ask and > > proposal ? I read the docs and I have not found any action that I or anyone > > else here could take here - (possibly that's why you did not get any > > response) - I looked at it several days ago but I could not find anything I > > could do for one. Now, the message popped up in my reminder and I see I was > > not the only one. > > > > J. > > > > On Thu, Oct 20, 2022 at 8:06 PM Joshua Simmons < > > joshua.simm...@tidelift.com> > > wrote: > > > > > Hi folks, I wanted to follow up on this thread to let everyone know that > > > we've taken the feedback from ASF community members across a variety of > > > threads and updated our agreements accordingly. For context, I've > > attached > > > a doc summarizing discussion as it stood back in February (including > > links > > > to other relevant threads and docs). > > > > > > The blocker that was identified was Tidelift's "public notice > > requirement" > > > which in most projects would've required an action by the project as a > > > whole, counter to the (rightful) prohibition of directed development > > within > > > ASF-hosted projects. > > > > > > To fix that, we added language to all of our agreements that makes it > > > clear: Tidelift will never ask maintainers to act in contravention with > > the > > > policies of their fiscal sponsor. > > > > > > > > > *> If your Project is for
Re: Tidelift
Hi Jarek, > I have a question - what exactly do you expect here? What is your ask and > proposal ? I read the docs and I have not found any action that I or anyone > else here could take here - (possibly that's why you did not get any > response) - I looked at it several days ago but I could not find anything I > could do for one. Now, the message popped up in my reminder and I see I was > not the only one. Oh, thank you for asking the question. I could have been more clear! No action requested or response expected, I sent this follow up as a courtesy to the community since it generated so much conversation across multiple mailing lists (including this one) back in the January-March time frame :o) That being said, any project committers or PMC members who want to explore working with Tidelift to underwrite their work: the door is now open! Our subscribers use over 1000 org.apache namespace packages, which means income is available for every one of those. Folks who are interested should discuss with fellow PMC members and are welcome to reach out to me. I'll be proactively reaching out to some PMCs, but I want to be respectful and not gum up this mailing list with recruitment efforts. If folks have questions or concerns, I'm here to help! Cheers, Josh Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift <https://tidelift.com/> @joshsimmons <https://twitter.com/joshsimmons> | @josh:josh.tel <https://josh.tel/@josh> | bluesomewhere on IRC TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar ad astra per aspera 🚀 On Sun, Oct 30, 2022 at 5:50 PM Jarek Potiuk wrote: > I have a question - what exactly do you expect here? What is your ask and > proposal ? I read the docs and I have not found any action that I or anyone > else here could take here - (possibly that's why you did not get any > response) - I looked at it several days ago but I could not find anything I > could do for one. Now, the message popped up in my reminder and I see I was > not the only one. > > J. > > On Thu, Oct 20, 2022 at 8:06 PM Joshua Simmons < > joshua.simm...@tidelift.com> > wrote: > > > Hi folks, I wanted to follow up on this thread to let everyone know that > > we've taken the feedback from ASF community members across a variety of > > threads and updated our agreements accordingly. For context, I've > attached > > a doc summarizing discussion as it stood back in February (including > links > > to other relevant threads and docs). > > > > The blocker that was identified was Tidelift's "public notice > requirement" > > which in most projects would've required an action by the project as a > > whole, counter to the (rightful) prohibition of directed development > within > > ASF-hosted projects. > > > > To fix that, we added language to all of our agreements that makes it > > clear: Tidelift will never ask maintainers to act in contravention with > the > > policies of their fiscal sponsor. > > > > > > *> If your Project is formally part of a larger open source organization, > > such a fiscal sponsor or other non-profit that provides technical > > infrastructure to open source projects, Tidelift will not require you to > > perform Services that are in conflict with any written requirements of > that > > organization.* > > > > The full text of our updated agreement can be found here: > > > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > > > > Our hope is that this removes a barrier between maintainers of ASF-hosted > > projects and receiving income from downstream users through Tidelift to > > support work which might otherwise go uncompensated. > > > > If there are any other questions or concerns that folks have, please do > > let me know! My role these days is entirely focused on making sure we're > > addressing the needs of foundations like the Apache Software Foundation > and > > its member projects. I've also included co-founder Jeremy Katz on this > > email, as doing right by foundations and the projects they host is a > > priority for all of Tidelift. > > > > Onward and upward, > > Josh > > > > Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift > > <https://tidelift.com/> > > @joshsimmons <https://twitter.com/joshsimmons> | > > joshua.simm...@tidelift.com | bluesomewhere on IRC > > TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar > > ad astra per aspera [image: 🚀] > > > > > > On 2022/01/11 21:49:59 Ralph Goers wrote: > > > Hello all, > > > > > > Recently the L
Re: Tidelift
I have a question - what exactly do you expect here? What is your ask and proposal ? I read the docs and I have not found any action that I or anyone else here could take here - (possibly that's why you did not get any response) - I looked at it several days ago but I could not find anything I could do for one. Now, the message popped up in my reminder and I see I was not the only one. J. On Thu, Oct 20, 2022 at 8:06 PM Joshua Simmons wrote: > Hi folks, I wanted to follow up on this thread to let everyone know that > we've taken the feedback from ASF community members across a variety of > threads and updated our agreements accordingly. For context, I've attached > a doc summarizing discussion as it stood back in February (including links > to other relevant threads and docs). > > The blocker that was identified was Tidelift's "public notice requirement" > which in most projects would've required an action by the project as a > whole, counter to the (rightful) prohibition of directed development within > ASF-hosted projects. > > To fix that, we added language to all of our agreements that makes it > clear: Tidelift will never ask maintainers to act in contravention with the > policies of their fiscal sponsor. > > > *> If your Project is formally part of a larger open source organization, > such a fiscal sponsor or other non-profit that provides technical > infrastructure to open source projects, Tidelift will not require you to > perform Services that are in conflict with any written requirements of that > organization.* > > The full text of our updated agreement can be found here: > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > > Our hope is that this removes a barrier between maintainers of ASF-hosted > projects and receiving income from downstream users through Tidelift to > support work which might otherwise go uncompensated. > > If there are any other questions or concerns that folks have, please do > let me know! My role these days is entirely focused on making sure we're > addressing the needs of foundations like the Apache Software Foundation and > its member projects. I've also included co-founder Jeremy Katz on this > email, as doing right by foundations and the projects they host is a > priority for all of Tidelift. > > Onward and upward, > Josh > > Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift > <https://tidelift.com/> > @joshsimmons <https://twitter.com/joshsimmons> | > joshua.simm...@tidelift.com | bluesomewhere on IRC > TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar > ad astra per aspera [image: 🚀] > > > On 2022/01/11 21:49:59 Ralph Goers wrote: > > Hello all, > > > > Recently the Logging Services PMC was approached by Tidelift offering to > provide monetary support either to the project or individual committers. To > obtain that sponsorship the project has to agree to the terms at > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > It appears that Struts has accepted this already. > > > > Some PMC members are interested in pursuing this but I am questioning a) > whether the agreement conflicts with ASF practices and b) whether the legal > agreement is too ambiguous. Two ASF members commented on the Logging > Services private list that they had concerns about the agreement. > > > > In response to these concerns I created > https://issues.apache.org/jira/browse/LEGAL-593. The guidance there > seemed to be that payment to the ASF by Tidelift would not be allowed but > payment to individuals might be. No guidance on the agreement was provided. > It was recommended I post here instead. > > > > In looking for more clarification from Tidelift about their agreement > and who could receive payment we received this response: > > > > Great follow up question, you are spot on. Each of the > individuals on the team page could become a lifter and the funds allocated > for Log4j would be split between them. > > > > Additional pieces of information to add nuance: > > > > * For someone to _start_ lifting a project with Tidelift, the > verification process involves us looking to official sources for > confirmation–such as the team page. After a project is lifted, the > verification process ultimately hinges on open communication between us and > whichever lifter has been nominated to be the primary contact (in full view > of all of the project's lifters so that we know there's shared agreement). > > > > * Funds can be split any way you see fit, evenly or otherwise. > In most cases, we see an even split.
RE: Tidelift
Hi folks, I wanted to follow up on this thread to let everyone know that we've taken the feedback from ASF community members across a variety of threads and updated our agreements accordingly. For context, I've attached a doc summarizing discussion as it stood back in February (including links to other relevant threads and docs). The blocker that was identified was Tidelift's "public notice requirement" which in most projects would've required an action by the project as a whole, counter to the (rightful) prohibition of directed development within ASF-hosted projects. To fix that, we added language to all of our agreements that makes it clear: Tidelift will never ask maintainers to act in contravention with the policies of their fiscal sponsor. *> If your Project is formally part of a larger open source organization, such a fiscal sponsor or other non-profit that provides technical infrastructure to open source projects, Tidelift will not require you to perform Services that are in conflict with any written requirements of that organization.* The full text of our updated agreement can be found here: https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement Our hope is that this removes a barrier between maintainers of ASF-hosted projects and receiving income from downstream users through Tidelift to support work which might otherwise go uncompensated. If there are any other questions or concerns that folks have, please do let me know! My role these days is entirely focused on making sure we're addressing the needs of foundations like the Apache Software Foundation and its member projects. I've also included co-founder Jeremy Katz on this email, as doing right by foundations and the projects they host is a priority for all of Tidelift. Onward and upward, Josh Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift <https://tidelift.com/> @joshsimmons <https://twitter.com/joshsimmons> | joshua.simm...@tidelift.com | bluesomewhere on IRC TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar ad astra per aspera [image: 🚀] On 2022/01/11 21:49:59 Ralph Goers wrote: > Hello all, > > Recently the Logging Services PMC was approached by Tidelift offering to provide monetary support either to the project or individual committers. To obtain that sponsorship the project has to agree to the terms at https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. It appears that Struts has accepted this already. > > Some PMC members are interested in pursuing this but I am questioning a) whether the agreement conflicts with ASF practices and b) whether the legal agreement is too ambiguous. Two ASF members commented on the Logging Services private list that they had concerns about the agreement. > > In response to these concerns I created https://issues.apache.org/jira/browse/LEGAL-593. The guidance there seemed to be that payment to the ASF by Tidelift would not be allowed but payment to individuals might be. No guidance on the agreement was provided. It was recommended I post here instead. > > In looking for more clarification from Tidelift about their agreement and who could receive payment we received this response: > > Great follow up question, you are spot on. Each of the individuals on the team page could become a lifter and the funds allocated for Log4j would be split between them. > > Additional pieces of information to add nuance: > > * For someone to _start_ lifting a project with Tidelift, the verification process involves us looking to official sources for confirmation–such as the team page. After a project is lifted, the verification process ultimately hinges on open communication between us and whichever lifter has been nominated to be the primary contact (in full view of all of the project's lifters so that we know there's shared agreement). > > * Funds can be split any way you see fit, evenly or otherwise. In most cases, we see an even split. In cases where the funds are directed back to a foundation, 100% of the funds go to the foundation and the share assigned to the lifters is 0%. > > * This approach has allowed us to decouple any individual project's governance from our own processes, and has proven to be effective in many different contexts. As we grow, it may well be that our processes need to evolve, so that's a conversation that I'm open to as we continue discussing :o) > > So it is clear to me that Tidelift requires the project as a whole to approve the agreement, even though only select individuals may choose to receive payment, especially since one of the requirements is a public acknowledgment of Tidelift on one of the project’s sites. > > I find this problematic as I cannot reconcile how it is OK for individuals to receive payment so that the
Re: Tidelift
On Sun, Jan 23, 2022 at 3:51 AM Dave Fisher wrote: > > Jared, I like your descriptions! If you replace sponsor with vendor it should > be very familiar to us all! First of all: +1 to Jarek's idea. Second of all, now that I have the board's blessing to go and explore the Tidelift-like situations in more details -- I'm about to start a new (more meta if you will) thread on this soon. Stay tuned (I'm traveling + waiting on a few data points to arrive from Tidelift and others). Thanks, Roman. - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
Jared, I like your descriptions! If you replace sponsor with vendor it should be very familiar to us all! All the best, Dave Sent from my iPhone > On Jan 22, 2022, at 4:12 PM, Jarek Potiuk wrote: > > Hey Roman, > > I like it too. Happy to help too. I think it's not very far for Tidelift to > adjust their model. > > Maybe what could be helpful is to have some page/policy where we describe > what can/cannot/should be from a Sponsor/PMC and contributor in exchange > for money: > > I see for example (I am not native speaker/legal, so this might be a poor > trial - but might be a good start): > > Sponsor: > > * Respect the right of the individual to make the best decisions for the > project even if they might not fully follow the Sponsor's guidelines > * Might mention sponsoring particular individuals including > mentioning their affiliation with the projects they sponsor (that might be > somewhat controvertial) > > PMC: > > * Cannot promote/endorse the sponsor of individual's work on their official > pages (if sponsorship is for code development, not resources) > * Cannot commit to coding/standard requirements specified by the sponsor > > The individual (no matter what merit the individual has): > > * Can endorse and promote the sponsor as long as they make it as an > individual and not PMC representative > * Should have disclaimer to continue working on the project regardless of > the sponsorship > * Should act according to the > https://www.apache.org/foundation/marks/responsibility.html for branding > and endorsement when they act as PMC members especially (if they are PMC > members) > > Just initial thinking about it. > > J. > >> On Sun, Jan 16, 2022 at 8:36 PM Roman Shaposhnik >> wrote: >> >> Jim said: >> >>> IMO, the foundation and the project should do nothing associated with >> this. It should neither encourage or condone it. In no way should we enter >> into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to >> work independently and directly w/ people, that's fine. But having the ASF >> and/or the project involved at any level should be disallowed. >> >> This is exactly what I said on the LEGAL JIRA. So +1 to this framing. Now, >> personally, I think Tidelift can be a great ally of Open Source in general >> and as such I'm personally extremely willing to work with them to make sure >> they come up with tweaks for their model that make sense to us and other >> Open Source projects. More on that below: >> >>> On Wed, Jan 12, 2022 at 7:56 AM Sam Ruby wrote: >>> >>> On Tue, Jan 11, 2022 at 4:50 PM Ralph Goers >>> wrote: >>>> >>>> Hello all, >>>> >>>> Recently the Logging Services PMC was approached by Tidelift offering >> to >>> provide monetary support either to the project or individual committers. >> To >>> obtain that sponsorship the project has to agree to the terms at >>> >> https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement >> . >>> It appears that Struts has accepted this already. >>> >>> Perusing the agreement, I see talk of payment, license, and trademark. >>> So let's cover that, and the topic we want to cover, the Apache Way. >>> >>> Let's be welcoming and friendly, and focus more on what they need to >>> do, rather than on what they must not do >>> >> >> Huge +1 to the above. I really feel that Tidelift is onto something here >> and am very much willing to work with them (even in my personal capacity). >> >> >>> Outline: >>> >>> * So you want to pay a contributor? Great! If that is something you >>> wish to do, do so directly with each contributor as this is not a >>> service the ASF provides. Just make sure that each contributori is >>> aware of each of the five points listed on The Apache Way page[1]. In >>> particular, be aware that each individual contribution will be >>> evaluated on its merits and require consensus before being accepted. >>> >>> * All code must be licensed only under the Apache Software License, >>> with no additional conditions. Should an individual contributor >>> become a committer, they will be required to sign an ICLA. You are >>> welcome to sign a CCLA. >>> >>> * You are welcome to make nominative use of our trademarks. If you >>> require anything more, see out Trademark Policy[2]. >>> >>> [1] https://www.apache.org/theapacheway/ >>> [2] https://www.apache.org/foundation/marks/ >> >> >> I'd like to refocus this thread (or perhaps fork a new one) on expanding >> this useful list started by Sam. I also plan to talk to Tidelift later this >> week so having as much data points as I possibly can would be super useful. >> >> Anyone has anything else they feel like adding to the above list? >> >> Thanks, >> Roman. >> - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
Hey Roman, I like it too. Happy to help too. I think it's not very far for Tidelift to adjust their model. Maybe what could be helpful is to have some page/policy where we describe what can/cannot/should be from a Sponsor/PMC and contributor in exchange for money: I see for example (I am not native speaker/legal, so this might be a poor trial - but might be a good start): Sponsor: * Respect the right of the individual to make the best decisions for the project even if they might not fully follow the Sponsor's guidelines * Might mention sponsoring particular individuals including mentioning their affiliation with the projects they sponsor (that might be somewhat controvertial) PMC: * Cannot promote/endorse the sponsor of individual's work on their official pages (if sponsorship is for code development, not resources) * Cannot commit to coding/standard requirements specified by the sponsor The individual (no matter what merit the individual has): * Can endorse and promote the sponsor as long as they make it as an individual and not PMC representative * Should have disclaimer to continue working on the project regardless of the sponsorship * Should act according to the https://www.apache.org/foundation/marks/responsibility.html for branding and endorsement when they act as PMC members especially (if they are PMC members) Just initial thinking about it. J. On Sun, Jan 16, 2022 at 8:36 PM Roman Shaposhnik wrote: > Jim said: > > > IMO, the foundation and the project should do nothing associated with > this. It should neither encourage or condone it. In no way should we enter > into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to > work independently and directly w/ people, that's fine. But having the ASF > and/or the project involved at any level should be disallowed. > > This is exactly what I said on the LEGAL JIRA. So +1 to this framing. Now, > personally, I think Tidelift can be a great ally of Open Source in general > and as such I'm personally extremely willing to work with them to make sure > they come up with tweaks for their model that make sense to us and other > Open Source projects. More on that below: > > On Wed, Jan 12, 2022 at 7:56 AM Sam Ruby wrote: > > > On Tue, Jan 11, 2022 at 4:50 PM Ralph Goers > > wrote: > > > > > > Hello all, > > > > > > Recently the Logging Services PMC was approached by Tidelift offering > to > > provide monetary support either to the project or individual committers. > To > > obtain that sponsorship the project has to agree to the terms at > > > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > . > > It appears that Struts has accepted this already. > > > > Perusing the agreement, I see talk of payment, license, and trademark. > > So let's cover that, and the topic we want to cover, the Apache Way. > > > > Let's be welcoming and friendly, and focus more on what they need to > > do, rather than on what they must not do > > > > Huge +1 to the above. I really feel that Tidelift is onto something here > and am very much willing to work with them (even in my personal capacity). > > > > Outline: > > > > * So you want to pay a contributor? Great! If that is something you > > wish to do, do so directly with each contributor as this is not a > > service the ASF provides. Just make sure that each contributori is > > aware of each of the five points listed on The Apache Way page[1]. In > > particular, be aware that each individual contribution will be > > evaluated on its merits and require consensus before being accepted. > > > > * All code must be licensed only under the Apache Software License, > > with no additional conditions. Should an individual contributor > > become a committer, they will be required to sign an ICLA. You are > > welcome to sign a CCLA. > > > > * You are welcome to make nominative use of our trademarks. If you > > require anything more, see out Trademark Policy[2]. > > > > [1] https://www.apache.org/theapacheway/ > > [2] https://www.apache.org/foundation/marks/ > > > I'd like to refocus this thread (or perhaps fork a new one) on expanding > this useful list started by Sam. I also plan to talk to Tidelift later this > week so having as much data points as I possibly can would be super useful. > > Anyone has anything else they feel like adding to the above list? > > Thanks, > Roman. >
Re: Tidelift
Jim said: > IMO, the foundation and the project should do nothing associated with this. It should neither encourage or condone it. In no way should we enter into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to work independently and directly w/ people, that's fine. But having the ASF and/or the project involved at any level should be disallowed. This is exactly what I said on the LEGAL JIRA. So +1 to this framing. Now, personally, I think Tidelift can be a great ally of Open Source in general and as such I'm personally extremely willing to work with them to make sure they come up with tweaks for their model that make sense to us and other Open Source projects. More on that below: On Wed, Jan 12, 2022 at 7:56 AM Sam Ruby wrote: > On Tue, Jan 11, 2022 at 4:50 PM Ralph Goers > wrote: > > > > Hello all, > > > > Recently the Logging Services PMC was approached by Tidelift offering to > provide monetary support either to the project or individual committers. To > obtain that sponsorship the project has to agree to the terms at > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > It appears that Struts has accepted this already. > > Perusing the agreement, I see talk of payment, license, and trademark. > So let's cover that, and the topic we want to cover, the Apache Way. > > Let's be welcoming and friendly, and focus more on what they need to > do, rather than on what they must not do > Huge +1 to the above. I really feel that Tidelift is onto something here and am very much willing to work with them (even in my personal capacity). > Outline: > > * So you want to pay a contributor? Great! If that is something you > wish to do, do so directly with each contributor as this is not a > service the ASF provides. Just make sure that each contributori is > aware of each of the five points listed on The Apache Way page[1]. In > particular, be aware that each individual contribution will be > evaluated on its merits and require consensus before being accepted. > > * All code must be licensed only under the Apache Software License, > with no additional conditions. Should an individual contributor > become a committer, they will be required to sign an ICLA. You are > welcome to sign a CCLA. > > * You are welcome to make nominative use of our trademarks. If you > require anything more, see out Trademark Policy[2]. > > [1] https://www.apache.org/theapacheway/ > [2] https://www.apache.org/foundation/marks/ I'd like to refocus this thread (or perhaps fork a new one) on expanding this useful list started by Sam. I also plan to talk to Tidelift later this week so having as much data points as I possibly can would be super useful. Anyone has anything else they feel like adding to the above list? Thanks, Roman.
Re: Tidelift
> And speaking from my extremely parochial POV as part of the SpamAssassin > project, I know that our requests for "support" often amount to > embedding special dispensation for sketchy practices, so I don't think > anyone working on *OUR* project could "lift" it without telling > subscribers "NO!" and being terminated. BTW. I actually said "NO" several times (nothing serious) and was not terminated - quite the opposite. I was literally thanked for honesty and transparency and for providing "community perspective". My contracts were renewed and improved afterwards. I guess our stakeholders understand how the ASF community works. J - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
> > I expect I know the answer to this but do any of your sponsors require > (or even request) that you mention them in the project web site or in the > README? No. And this is something I would never be able to agree to because the agreement is with me not with PMC/project. But for example Astronomer and AWS sponsor the CI (AWS credits) for our CI and we did thank them for that in README. But this is for "Resources" for the project not for development And we are free to use it as we see fit for the project.. > What you are doing sounds fine to me simply because the agreement > you have doesn’t obligate the PMC to anything. Correct. And I believe PMC cannot be obliged to do anything in exchange for money. This is an important point of the discussion as I understand it. - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
يعني وش السالفة . شوفوا مودي طيب في الأربعاء، ١٢ يناير ٢٠٢٢ ٩:١٢ م Bill Cole < sa-bugz-20080...@billmail.scconsult.com> كتب: > On 2022-01-12 at 08:51:37 UTC-0500 (Wed, 12 Jan 2022 08:51:37 -0500) > Jim Jagielski > is rumored to have said: > > > IMO, the foundation and the project should do nothing associated with > > this. It should neither encourage or condone it. In no way should we > > enter into any agreement, contract, whatever, w/ Tidelift. If Tidelift > > wishes to work independently and directly w/ people, that's fine. But > > having the ASF and/or the project involved at any level should be > > disallowed. > > +1 > > It seems clear to me that the Tidelift business model is not compatible > with the ASF's project structure. All of their documentation clearly > only envisions supporting individual contributors or employers of > individual contributors. > > I'd also be very leery of this as an individual. It is unclear what > their performance standards are for "Lifters" under this clause of their > agreement, in the section on termination: > > • failure to complete tasks set out in the Tidelift software > platform (including ineffective or inaccurate completion) > > Since ASF projects have PMCs, not God-Kings, it's generally not possible > for an individual commiter on an ASF project to commit to completing > development tasks which are arbitrarily defined by a 3rd party seeking > "support." > > And speaking from my extremely parochial POV as part of the SpamAssassin > project, I know that our requests for "support" often amount to > embedding special dispensation for sketchy practices, so I don't think > anyone working on *OUR* project could "lift" it without telling > subscribers "NO!" and being terminated. > > > We cannot also ignore the obvious self-serving nature of the request > > by Tidelift and if we are comfortable with them using this as an > > opportunity for promotion. > > Right. They seem pretty lame at promotion, but they are clearly trying > very hard. With my Sr. Sysadmin hat on, I cannot imagine actually paying > them their prices for what they seem to be actually capable of > providing. > > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > >
Re: Tidelift
On 2022-01-12 at 08:51:37 UTC-0500 (Wed, 12 Jan 2022 08:51:37 -0500) Jim Jagielski is rumored to have said: IMO, the foundation and the project should do nothing associated with this. It should neither encourage or condone it. In no way should we enter into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to work independently and directly w/ people, that's fine. But having the ASF and/or the project involved at any level should be disallowed. +1 It seems clear to me that the Tidelift business model is not compatible with the ASF's project structure. All of their documentation clearly only envisions supporting individual contributors or employers of individual contributors. I'd also be very leery of this as an individual. It is unclear what their performance standards are for "Lifters" under this clause of their agreement, in the section on termination: • failure to complete tasks set out in the Tidelift software platform (including ineffective or inaccurate completion) Since ASF projects have PMCs, not God-Kings, it's generally not possible for an individual commiter on an ASF project to commit to completing development tasks which are arbitrarily defined by a 3rd party seeking "support." And speaking from my extremely parochial POV as part of the SpamAssassin project, I know that our requests for "support" often amount to embedding special dispensation for sketchy practices, so I don't think anyone working on *OUR* project could "lift" it without telling subscribers "NO!" and being terminated. We cannot also ignore the obvious self-serving nature of the request by Tidelift and if we are comfortable with them using this as an opportunity for promotion. Right. They seem pretty lame at promotion, but they are clearly trying very hard. With my Sr. Sysadmin hat on, I cannot imagine actually paying them their prices for what they seem to be actually capable of providing. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
On 2022-01-12 at 10:41:22 UTC-0500 (Wed, 12 Jan 2022 08:41:22 -0700) Ralph Goers is rumored to have said: That said, if the Tidelift model for people to be funded was “Your project must adhere to all ASF process and guidelines AND you must have a minimum of 3 active committers (proven by them actually approving and merging PRs, committing fixes for bugs, etc) and an advertising requirement I might be more inclined to support it since the only real requirement is that the project be active. Agreed, except for the problem that this is an imaginary Tidelift in an alternate universe. They've clearly put a pile of effort into their current model and I suspect that they would not easily cede perfomance standards to the rather hit-or-miss baseline of being a healthy ASF project. We are the floor they are seeking to "lift" packages up from. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
Jarek, I expect I know the answer to this but do any of your sponsors require (or even request) that you mention them in the project web site or in the README? What you are doing sounds fine to me simply because the agreement you have doesn’t obligate the PMC to anything. Tidelift’s business model is to generate funding for open source by getting commercial users to pay Tidelift to support open source projects. Tidelift doesn’t seem to have any developers of its own so it shares a portion of he money it gets with projects so it can add them to its catalog of supported projects. In some ways this could be a win-win-win scenario, if it actually accomplishes something. Ralph > On Jan 12, 2022, at 8:57 AM, Jarek Potiuk wrote: > > Fascinating discussion. My understanding is exactly what Jim explained. > > I also can explain how it works for me as an individual in Apache > Airflow. Apache Airflow has multiple stakeholders and I have regular > contracts with a few of them: Google, Astronomer. Also I got a > one-time GitHub Sponsorship from AWS. Each contract covers part of my > time. > > * The sponsorship was without any expectations. > * The contracts I have are mostly about "We do not oblige you to do > this and that. Those are our priorities for next year or so and we > would like you to focus on as an individual for part of your time, but > we are well aware the community makes decisions and nothing can be > done without community rules being followed. We understand that and > expect you to follow the rules." (not the exact wording but that's the > "gist" of it). > > I also do a lot of contributions in my "own" time so to speak which > cover much broader scope and project needs and other initiatives (If I > were to calculate it with regular rates) - and I treat seriously the > disclaimer that was mentioned in the Legal part of the discussion (I > believe Justin pointed to that). > > Those are my own private agreements with the stakeholders, PMC members > are aware of those (I am very transparent with that as you see), but > it has nothing to do with the PMC nor ASF.. > > I believe if Tidelift were to arrange similar contracts with whoever > are the people with "merit" in the project, they should be free to do > that - with similar conditions. > > J. > > On Wed, Jan 12, 2022 at 4:56 PM Sam Ruby wrote: >> >> On Tue, Jan 11, 2022 at 4:50 PM Ralph Goers >> wrote: >>> >>> Hello all, >>> >>> Recently the Logging Services PMC was approached by Tidelift offering to >>> provide monetary support either to the project or individual committers. To >>> obtain that sponsorship the project has to agree to the terms at >>> https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. >>> It appears that Struts has accepted this already. >> >> Perusing the agreement, I see talk of payment, license, and trademark. >> So let's cover that, and the topic we want to cover, the Apache Way. >> >> Let's be welcoming and friendly, and focus more on what they need to >> do, rather than on what they must not do >> >> Outline: >> >> * So you want to pay a contributor? Great! If that is something you >> wish to do, do so directly with each contributor as this is not a >> service the ASF provides. Just make sure that each contributori is >> aware of each of the five points listed on The Apache Way page[1]. In >> particular, be aware that each individual contribution will be >> evaluated on its merits and require consensus before being accepted. >> >> * All code must be licensed only under the Apache Software License, >> with no additional conditions. Should an individual contributor >> become a committer, they will be required to sign an ICLA. You are >> welcome to sign a CCLA. >> >> * You are welcome to make nominative use of our trademarks. If you >> require anything more, see out Trademark Policy[2]. >> >> [1] https://www.apache.org/theapacheway/ >> [2] https://www.apache.org/foundation/marks/ >> >> - Sam Ruby >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org >> For additional commands, e-mail: dev-h...@community.apache.org >> > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
Fascinating discussion. My understanding is exactly what Jim explained. I also can explain how it works for me as an individual in Apache Airflow. Apache Airflow has multiple stakeholders and I have regular contracts with a few of them: Google, Astronomer. Also I got a one-time GitHub Sponsorship from AWS. Each contract covers part of my time. * The sponsorship was without any expectations. * The contracts I have are mostly about "We do not oblige you to do this and that. Those are our priorities for next year or so and we would like you to focus on as an individual for part of your time, but we are well aware the community makes decisions and nothing can be done without community rules being followed. We understand that and expect you to follow the rules." (not the exact wording but that's the "gist" of it). I also do a lot of contributions in my "own" time so to speak which cover much broader scope and project needs and other initiatives (If I were to calculate it with regular rates) - and I treat seriously the disclaimer that was mentioned in the Legal part of the discussion (I believe Justin pointed to that). Those are my own private agreements with the stakeholders, PMC members are aware of those (I am very transparent with that as you see), but it has nothing to do with the PMC nor ASF.. I believe if Tidelift were to arrange similar contracts with whoever are the people with "merit" in the project, they should be free to do that - with similar conditions. J. On Wed, Jan 12, 2022 at 4:56 PM Sam Ruby wrote: > > On Tue, Jan 11, 2022 at 4:50 PM Ralph Goers > wrote: > > > > Hello all, > > > > Recently the Logging Services PMC was approached by Tidelift offering to > > provide monetary support either to the project or individual committers. To > > obtain that sponsorship the project has to agree to the terms at > > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > > It appears that Struts has accepted this already. > > Perusing the agreement, I see talk of payment, license, and trademark. > So let's cover that, and the topic we want to cover, the Apache Way. > > Let's be welcoming and friendly, and focus more on what they need to > do, rather than on what they must not do > > Outline: > > * So you want to pay a contributor? Great! If that is something you > wish to do, do so directly with each contributor as this is not a > service the ASF provides. Just make sure that each contributori is > aware of each of the five points listed on The Apache Way page[1]. In > particular, be aware that each individual contribution will be > evaluated on its merits and require consensus before being accepted. > > * All code must be licensed only under the Apache Software License, > with no additional conditions. Should an individual contributor > become a committer, they will be required to sign an ICLA. You are > welcome to sign a CCLA. > > * You are welcome to make nominative use of our trademarks. If you > require anything more, see out Trademark Policy[2]. > > [1] https://www.apache.org/theapacheway/ > [2] https://www.apache.org/foundation/marks/ > > - Sam Ruby > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
On Tue, Jan 11, 2022 at 4:50 PM Ralph Goers wrote: > > Hello all, > > Recently the Logging Services PMC was approached by Tidelift offering to > provide monetary support either to the project or individual committers. To > obtain that sponsorship the project has to agree to the terms at > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > It appears that Struts has accepted this already. Perusing the agreement, I see talk of payment, license, and trademark. So let's cover that, and the topic we want to cover, the Apache Way. Let's be welcoming and friendly, and focus more on what they need to do, rather than on what they must not do Outline: * So you want to pay a contributor? Great! If that is something you wish to do, do so directly with each contributor as this is not a service the ASF provides. Just make sure that each contributori is aware of each of the five points listed on The Apache Way page[1]. In particular, be aware that each individual contribution will be evaluated on its merits and require consensus before being accepted. * All code must be licensed only under the Apache Software License, with no additional conditions. Should an individual contributor become a committer, they will be required to sign an ICLA. You are welcome to sign a CCLA. * You are welcome to make nominative use of our trademarks. If you require anything more, see out Trademark Policy[2]. [1] https://www.apache.org/theapacheway/ [2] https://www.apache.org/foundation/marks/ - Sam Ruby - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
> On Jan 12, 2022, at 10:41 AM, Ralph Goers wrote: > > Jim, > > While I agree with your conclusion I do disagree with how you get there. > > In your first message you seemed to think that the “self-serving nature” of > what Tidelift is doing is any different than what many companies have been > doing to the ASF. I am a member of the Flume PMC and my employer uses it as a > critical component of our infrastructure, primarily at my doing. I was > reluctant to have it graduate from the incubator since the PMC was 90%+ > Cloudera employees. Well, Cloudera ghosted the project and many of the PMC > members are now former Cloudera employees who, while interested in the > project, have no time to spend on it. I view that model and outcome as worse > than what Tidelift is proposing. I am now faced with doing a Flume update and > release pretty much all on my own, although I am sure there are 3 PMC members > active enough to approve the release. > I agree that all companies are self-serving in that way... There is a class of lawyers colloquially known as "ambulance chasers". I submit that said class of lawyers are more "self serving" than the general populace of lawyers. PS: Regarding the example that you provide. If it was up to me, I'd say that Flume should be attic'ed then. If we need to split hairs to determine whether a project is healthy or if there are enough active PMC members, then we should, IMO, error on the side of caution and attic said project. Otherwise we are openly and willingly allowing, and even encouraging, the continued problems that we are trying to solve right now. - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
> On Jan 12, 2022, at 8:34 AM, Mohammad Noureldin > wrote: > > Hi, > > I have 2 questions: > 1- How did that work in the case of Apache Struts ? Any details can be > shared ? In the case of Struts it appears there is only a single active committer and he is the sole person receiving funds from Tidelift. It isn’t clear if the PMC was ever even consulted. > 2- Is the concept of "guarantying" here in the Legal sense ? or is it > "guarantying" by approaching the "right individuals" ? > > By "right individuals" (double quoting is intentional) I mean (P)PMC > Members for example. Though they, as mentioned here, can get funded as > individuals who don't represent the ASF as an organization nor they > represent the target project in any official way, but being a (P)PMC Member > (by the definition of the ASF organization itself) show/guarantees that the > approached individuals have the merit and the commitment towards that > target project, hence guarantying that such funds will be used efficiently > or in the right way (I am using 'efficiently' and 'the right way' in their > broader sense). Yes, this is the heart of the problem. How can you be funded solely as an individual if the agreement requires agreement from the PMC? > > But even with that in mind, I believe there is a catch ? If any of those > individuals, being (P)PMC member or not, stopped working on the target > project for whatever reason, What happens then ? > That is a great question. I guess Tidelift would find out when or if its customers started complaining. Ralph
Re: Tidelift
Jim, While I agree with your conclusion I do disagree with how you get there. In your first message you seemed to think that the “self-serving nature” of what Tidelift is doing is any different than what many companies have been doing to the ASF. I am a member of the Flume PMC and my employer uses it as a critical component of our infrastructure, primarily at my doing. I was reluctant to have it graduate from the incubator since the PMC was 90%+ Cloudera employees. Well, Cloudera ghosted the project and many of the PMC members are now former Cloudera employees who, while interested in the project, have no time to spend on it. I view that model and outcome as worse than what Tidelift is proposing. I am now faced with doing a Flume update and release pretty much all on my own, although I am sure there are 3 PMC members active enough to approve the release. Unlike corporate backed projects, Tidelift doesn’t specify any particular development that must be done to qualify for funding. What they require is mostly stuff the ASF already requires - but the agreement is unclear if the ASF requirements are sufficient since the agreement is ambiguous. And, of course, the promotion of Tidelift could be a problem. Someprojects have pages similar to https://activemq.apache.org/support that list places where you can get commercial support. Many have “Thanks” pages to thank companies such as Jetbrains and Yourkit for donating their products to committers. So simply listing a commercial entity on the web site doesn’t seem to be the issue. For me, the issue is that Tidelift is paying developers with the requirement that they follow certain processes, one of which includes an advertisement. On its face I just don’t see how that flies with ASF policies. That said, if the Tidelift model for people to be funded was “Your project must adhere to all ASF process and guidelines AND you must have a minimum of 3 active committers (proven by them actually approving and merging PRs, committing fixes for bugs, etc) and an advertising requirement I might be more inclined to support it since the only real requirement is that the project be active. Ralph > On Jan 12, 2022, at 7:57 AM, Jim Jagielski wrote: > > Over in the Apache HTTPD project, both the HTTP/2 and the new mod_tls modules > were paid for by outside entities. That is, this entity wanted these modules > to exist, contracted out w/ a 3rd party to write/develop them, and then > backed away. There was no guarantee that these modules would even be > accepted, that the code would be treated specially or differently, or > anything at all like that. At no point was the PMC or the foundation involved > at all. The only consideration was that whatever was being donated to the > project was, in fact, being donated; that this external work-for-hire was > allowed to be, and was intended to be, donated and used by the ASF under the > ALv2. > > If Tidelift wishes to contract out to individuals, it is certainly within its > rights and that's 100% A-OK. However, they must be aware that there is no > guarantee that any work that the "lifters" provide will be included. There is > no way nor guarantee that the lifters are able to direct or manage the > project in a way that Tidelift and/or its customers would want. They are not > paying for access nor are they paying for guaranteed improvements or > inclusion. That must be clear. > > My understanding of the Tidelift arrangement is that they are providing some > sort of assurance that these lifters are not only developing the code, but > also "maintaining" it, which implies active, constant and "guaranteed" > contribution. Any lifters involved with Apache projects cannot guarantee > that. They cannot maintain it anymore, or any less, than anyone else, working > within the confines of the project. > >> On Jan 12, 2022, at 9:16 AM, Gary Gregory wrote: >> >> I agree that people should handle their affairs as they see fit RE Tidelift >> but how should this be allowed to trickle in on Apache WRT mentions in web >> sites and files like readme. IOW, should structs assets remove mentions of >> Tidelift? >> >> Gary >> >> On Wed, Jan 12, 2022, 08:52 Jim Jagielski wrote: >> >>> IMO, the foundation and the project should do nothing associated with >>> this. It should neither encourage or condone it. In no way should we enter >>> into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to >>> work independently and directly w/ people, that's fine. But having the ASF >>> and/or the project involved at any level should be disallowed. >>> >>> We cannot also ignore the obvious self-serving nature of the request by >>>
Re: Tidelift
Hi, On Wed, Jan 12, 2022 at 3:58 PM Jim Jagielski wrote: > Over in the Apache HTTPD project, both the HTTP/2 and the new mod_tls > modules were paid for by outside entities. That is, this entity wanted > these modules to exist, contracted out w/ a 3rd party to write/develop > them, and then backed away. There was no guarantee that these modules would > even be accepted, that the code would be treated specially or differently, > or anything at all like that. At no point was the PMC or the foundation > involved at all. The only consideration was that whatever was being donated > to the project was, in fact, being donated; that this external > work-for-hire was allowed to be, and was intended to be, donated and used > by the ASF under the ALv2. > > If Tidelift wishes to contract out to individuals, it is certainly within > its rights and that's 100% A-OK. However, they must be aware that there is > no guarantee that any work that the "lifters" provide will be included. > There is no way nor guarantee that the lifters are able to direct or manage > the project in a way that Tidelift and/or its customers would want. They > are not paying for access nor are they paying for guaranteed improvements > or inclusion. That must be clear. > > My understanding of the Tidelift arrangement is that they are providing > some sort of assurance that these lifters are not only developing the code, > but also "maintaining" it, which implies active, constant and "guaranteed" > contribution. Any lifters involved with Apache projects cannot guarantee > that. They cannot maintain it anymore, or any less, than anyone else, > working within the confines of the project. > I have 2 questions: 1- How did that work in the case of Apache Struts ? Any details can be shared ? 2- Is the concept of "guarantying" here in the Legal sense ? or is it "guarantying" by approaching the "right individuals" ? By "right individuals" (double quoting is intentional) I mean (P)PMC Members for example. Though they, as mentioned here, can get funded as individuals who don't represent the ASF as an organization nor they represent the target project in any official way, but being a (P)PMC Member (by the definition of the ASF organization itself) show/guarantees that the approached individuals have the merit and the commitment towards that target project, hence guarantying that such funds will be used efficiently or in the right way (I am using 'efficiently' and 'the right way' in their broader sense). But even with that in mind, I believe there is a catch ? If any of those individuals, being (P)PMC member or not, stopped working on the target project for whatever reason, What happens then ? > > On Jan 12, 2022, at 9:16 AM, Gary Gregory > wrote: > > > > I agree that people should handle their affairs as they see fit RE > Tidelift > > but how should this be allowed to trickle in on Apache WRT mentions in > web > > sites and files like readme. IOW, should structs assets remove mentions > of > > Tidelift? > > > > Gary > > > > On Wed, Jan 12, 2022, 08:52 Jim Jagielski wrote: > > > >> IMO, the foundation and the project should do nothing associated with > >> this. It should neither encourage or condone it. In no way should we > enter > >> into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes > to > >> work independently and directly w/ people, that's fine. But having the > ASF > >> and/or the project involved at any level should be disallowed. > >> > >> We cannot also ignore the obvious self-serving nature of the request by > >> Tidelift and if we are comfortable with them using this as an > opportunity > >> for promotion. > >> > >>> On Jan 11, 2022, at 4:49 PM, Ralph Goers > >> wrote: > >>> > >>> Hello all, > >>> > >>> Recently the Logging Services PMC was approached by Tidelift offering > to > >> provide monetary support either to the project or individual > committers. To > >> obtain that sponsorship the project has to agree to the terms at > >> > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > . > >> It appears that Struts has accepted this already. > >>> > >>> Some PMC members are interested in pursuing this but I am questioning > a) > >> whether the agreement conflicts with ASF practices and b) whether the > legal > >> agreement is too ambiguous. Two ASF members commented on the Logging > >> Services private list that they had concerns about the agreement. > >>
Re: Tidelift
Over in the Apache HTTPD project, both the HTTP/2 and the new mod_tls modules were paid for by outside entities. That is, this entity wanted these modules to exist, contracted out w/ a 3rd party to write/develop them, and then backed away. There was no guarantee that these modules would even be accepted, that the code would be treated specially or differently, or anything at all like that. At no point was the PMC or the foundation involved at all. The only consideration was that whatever was being donated to the project was, in fact, being donated; that this external work-for-hire was allowed to be, and was intended to be, donated and used by the ASF under the ALv2. If Tidelift wishes to contract out to individuals, it is certainly within its rights and that's 100% A-OK. However, they must be aware that there is no guarantee that any work that the "lifters" provide will be included. There is no way nor guarantee that the lifters are able to direct or manage the project in a way that Tidelift and/or its customers would want. They are not paying for access nor are they paying for guaranteed improvements or inclusion. That must be clear. My understanding of the Tidelift arrangement is that they are providing some sort of assurance that these lifters are not only developing the code, but also "maintaining" it, which implies active, constant and "guaranteed" contribution. Any lifters involved with Apache projects cannot guarantee that. They cannot maintain it anymore, or any less, than anyone else, working within the confines of the project. > On Jan 12, 2022, at 9:16 AM, Gary Gregory wrote: > > I agree that people should handle their affairs as they see fit RE Tidelift > but how should this be allowed to trickle in on Apache WRT mentions in web > sites and files like readme. IOW, should structs assets remove mentions of > Tidelift? > > Gary > > On Wed, Jan 12, 2022, 08:52 Jim Jagielski wrote: > >> IMO, the foundation and the project should do nothing associated with >> this. It should neither encourage or condone it. In no way should we enter >> into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to >> work independently and directly w/ people, that's fine. But having the ASF >> and/or the project involved at any level should be disallowed. >> >> We cannot also ignore the obvious self-serving nature of the request by >> Tidelift and if we are comfortable with them using this as an opportunity >> for promotion. >> >>> On Jan 11, 2022, at 4:49 PM, Ralph Goers >> wrote: >>> >>> Hello all, >>> >>> Recently the Logging Services PMC was approached by Tidelift offering to >> provide monetary support either to the project or individual committers. To >> obtain that sponsorship the project has to agree to the terms at >> https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. >> It appears that Struts has accepted this already. >>> >>> Some PMC members are interested in pursuing this but I am questioning a) >> whether the agreement conflicts with ASF practices and b) whether the legal >> agreement is too ambiguous. Two ASF members commented on the Logging >> Services private list that they had concerns about the agreement. >>> >>> In response to these concerns I created >> https://issues.apache.org/jira/browse/LEGAL-593. The guidance there >> seemed to be that payment to the ASF by Tidelift would not be allowed but >> payment to individuals might be. No guidance on the agreement was provided. >> It was recommended I post here instead. >>> >>> In looking for more clarification from Tidelift about their agreement >> and who could receive payment we received this response: >>> >>> Great follow up question, you are spot on. Each of the >> individuals on the team page could become a lifter and the funds allocated >> for Log4j would be split between them. >>> >>> Additional pieces of information to add nuance: >>> >>> * For someone to _start_ lifting a project with Tidelift, the >> verification process involves us looking to official sources for >> confirmation–such as the team page. After a project is lifted, the >> verification process ultimately hinges on open communication between us and >> whichever lifter has been nominated to be the primary contact (in full view >> of all of the project's lifters so that we know there's shared agreement). >>> >>> * Funds can be split any way you see fit, evenly or otherwise. In >> most cases, we see an even split. In cases where the funds are di
Re: Tidelift
On 1/12/22 09:16, Gary Gregory wrote: I agree that people should handle their affairs as they see fit RE Tidelift but how should this be allowed to trickle in on Apache WRT mentions in web sites and files like readme. IOW, should structs assets remove mentions of Tidelift? Yes. The arrangement is (or should be) between Tidelift and individuals, not between Tidelift and the project, or the Foundation. Jim is right here. On Wed, Jan 12, 2022, 08:52 Jim Jagielski wrote: IMO, the foundation and the project should do nothing associated with this. It should neither encourage or condone it. In no way should we enter into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to work independently and directly w/ people, that's fine. But having the ASF and/or the project involved at any level should be disallowed. We cannot also ignore the obvious self-serving nature of the request by Tidelift and if we are comfortable with them using this as an opportunity for promotion. On Jan 11, 2022, at 4:49 PM, Ralph Goers wrote: Hello all, Recently the Logging Services PMC was approached by Tidelift offering to provide monetary support either to the project or individual committers. To obtain that sponsorship the project has to agree to the terms at https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. It appears that Struts has accepted this already. Some PMC members are interested in pursuing this but I am questioning a) whether the agreement conflicts with ASF practices and b) whether the legal agreement is too ambiguous. Two ASF members commented on the Logging Services private list that they had concerns about the agreement. In response to these concerns I created https://issues.apache.org/jira/browse/LEGAL-593. The guidance there seemed to be that payment to the ASF by Tidelift would not be allowed but payment to individuals might be. No guidance on the agreement was provided. It was recommended I post here instead. In looking for more clarification from Tidelift about their agreement and who could receive payment we received this response: Great follow up question, you are spot on. Each of the individuals on the team page could become a lifter and the funds allocated for Log4j would be split between them. Additional pieces of information to add nuance: * For someone to _start_ lifting a project with Tidelift, the verification process involves us looking to official sources for confirmation–such as the team page. After a project is lifted, the verification process ultimately hinges on open communication between us and whichever lifter has been nominated to be the primary contact (in full view of all of the project's lifters so that we know there's shared agreement). * Funds can be split any way you see fit, evenly or otherwise. In most cases, we see an even split. In cases where the funds are directed back to a foundation, 100% of the funds go to the foundation and the share assigned to the lifters is 0%. * This approach has allowed us to decouple any individual project's governance from our own processes, and has proven to be effective in many different contexts. As we grow, it may well be that our processes need to evolve, so that's a conversation that I'm open to as we continue discussing :o) So it is clear to me that Tidelift requires the project as a whole to approve the agreement, even though only select individuals may choose to receive payment, especially since one of the requirements is a public acknowledgment of Tidelift on one of the project’s sites. I find this problematic as I cannot reconcile how it is OK for individuals to receive payment so that the ASF is not officially involved while at the same time the PMC must approve the agreement for individuals to be able to accept payment. Furthermore, I still have no idea whether the terms of the agreement would put a PMC in conflict with ASF policies or whether the ambiguities in the agreement would put the ASF in a bad place. I realize the ASF’s argument would be “We have nothing to do with this” but I suspect that wouldn’t fly since the PMC has to agree to it. To be clear, I have no idea if this is the correct place to discuss this. Personally, I was under the impression that a Legal Jira was where this kind of stuff got resolved. But here I am. Thoughts? Ralph - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For addi
Re: Tidelift
I agree that people should handle their affairs as they see fit RE Tidelift but how should this be allowed to trickle in on Apache WRT mentions in web sites and files like readme. IOW, should structs assets remove mentions of Tidelift? Gary On Wed, Jan 12, 2022, 08:52 Jim Jagielski wrote: > IMO, the foundation and the project should do nothing associated with > this. It should neither encourage or condone it. In no way should we enter > into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to > work independently and directly w/ people, that's fine. But having the ASF > and/or the project involved at any level should be disallowed. > > We cannot also ignore the obvious self-serving nature of the request by > Tidelift and if we are comfortable with them using this as an opportunity > for promotion. > > > On Jan 11, 2022, at 4:49 PM, Ralph Goers > wrote: > > > > Hello all, > > > > Recently the Logging Services PMC was approached by Tidelift offering to > provide monetary support either to the project or individual committers. To > obtain that sponsorship the project has to agree to the terms at > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > It appears that Struts has accepted this already. > > > > Some PMC members are interested in pursuing this but I am questioning a) > whether the agreement conflicts with ASF practices and b) whether the legal > agreement is too ambiguous. Two ASF members commented on the Logging > Services private list that they had concerns about the agreement. > > > > In response to these concerns I created > https://issues.apache.org/jira/browse/LEGAL-593. The guidance there > seemed to be that payment to the ASF by Tidelift would not be allowed but > payment to individuals might be. No guidance on the agreement was provided. > It was recommended I post here instead. > > > > In looking for more clarification from Tidelift about their agreement > and who could receive payment we received this response: > > > >Great follow up question, you are spot on. Each of the > individuals on the team page could become a lifter and the funds allocated > for Log4j would be split between them. > > > >Additional pieces of information to add nuance: > > > >* For someone to _start_ lifting a project with Tidelift, the > verification process involves us looking to official sources for > confirmation–such as the team page. After a project is lifted, the > verification process ultimately hinges on open communication between us and > whichever lifter has been nominated to be the primary contact (in full view > of all of the project's lifters so that we know there's shared agreement). > > > >* Funds can be split any way you see fit, evenly or otherwise. In > most cases, we see an even split. In cases where the funds are directed > back to a foundation, 100% of the funds go to the foundation and the share > assigned to the lifters is 0%. > > > >* This approach has allowed us to decouple any individual > project's governance from our own processes, and has proven to be effective > in many different contexts. As we grow, it may well be that our processes > need to evolve, so that's a conversation that I'm open to as we continue > discussing :o) > > > > So it is clear to me that Tidelift requires the project as a whole to > approve the agreement, even though only select individuals may choose to > receive payment, especially since one of the requirements is a public > acknowledgment of Tidelift on one of the project’s sites. > > > > I find this problematic as I cannot reconcile how it is OK for > individuals to receive payment so that the ASF is not officially involved > while at the same time the PMC must approve the agreement for individuals > to be able to accept payment. Furthermore, I still have no idea whether the > terms of the agreement would put a PMC in conflict with ASF policies or > whether the ambiguities in the agreement would put the ASF in a bad place. > I realize the ASF’s argument would be “We have nothing to do with this” but > I suspect that wouldn’t fly since the PMC has to agree to it. > > > > To be clear, I have no idea if this is the correct place to discuss > this. Personally, I was under the impression that a Legal Jira was where > this kind of stuff got resolved. But here I am. > > > > Thoughts? > > > > Ralph > > > > > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > >
Re: Tidelift
IMO, the foundation and the project should do nothing associated with this. It should neither encourage or condone it. In no way should we enter into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to work independently and directly w/ people, that's fine. But having the ASF and/or the project involved at any level should be disallowed. We cannot also ignore the obvious self-serving nature of the request by Tidelift and if we are comfortable with them using this as an opportunity for promotion. > On Jan 11, 2022, at 4:49 PM, Ralph Goers wrote: > > Hello all, > > Recently the Logging Services PMC was approached by Tidelift offering to > provide monetary support either to the project or individual committers. To > obtain that sponsorship the project has to agree to the terms at > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > It appears that Struts has accepted this already. > > Some PMC members are interested in pursuing this but I am questioning a) > whether the agreement conflicts with ASF practices and b) whether the legal > agreement is too ambiguous. Two ASF members commented on the Logging Services > private list that they had concerns about the agreement. > > In response to these concerns I created > https://issues.apache.org/jira/browse/LEGAL-593. The guidance there seemed to > be that payment to the ASF by Tidelift would not be allowed but payment to > individuals might be. No guidance on the agreement was provided. It was > recommended I post here instead. > > In looking for more clarification from Tidelift about their agreement and who > could receive payment we received this response: > >Great follow up question, you are spot on. Each of the individuals on > the team page could become a lifter and the funds allocated for Log4j would > be split between them. > >Additional pieces of information to add nuance: > >* For someone to _start_ lifting a project with Tidelift, the > verification process involves us looking to official sources for > confirmation–such as the team page. After a project is lifted, the > verification process ultimately hinges on open communication between us and > whichever lifter has been nominated to be the primary contact (in full view > of all of the project's lifters so that we know there's shared agreement). > >* Funds can be split any way you see fit, evenly or otherwise. In most > cases, we see an even split. In cases where the funds are directed back to a > foundation, 100% of the funds go to the foundation and the share assigned to > the lifters is 0%. > >* This approach has allowed us to decouple any individual project's > governance from our own processes, and has proven to be effective in many > different contexts. As we grow, it may well be that our processes need to > evolve, so that's a conversation that I'm open to as we continue discussing > :o) > > So it is clear to me that Tidelift requires the project as a whole to approve > the agreement, even though only select individuals may choose to receive > payment, especially since one of the requirements is a public acknowledgment > of Tidelift on one of the project’s sites. > > I find this problematic as I cannot reconcile how it is OK for individuals to > receive payment so that the ASF is not officially involved while at the same > time the PMC must approve the agreement for individuals to be able to accept > payment. Furthermore, I still have no idea whether the terms of the agreement > would put a PMC in conflict with ASF policies or whether the ambiguities in > the agreement would put the ASF in a bad place. I realize the ASF’s argument > would be “We have nothing to do with this” but I suspect that wouldn’t fly > since the PMC has to agree to it. > > To be clear, I have no idea if this is the correct place to discuss this. > Personally, I was under the impression that a Legal Jira was where this kind > of stuff got resolved. But here I am. > > Thoughts? > > Ralph > > > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Tidelift
Hi Ralph, I think there's a fundraising angle to this as well due to the acknowledgement requirement. David Nalley reached out to me with the original Logging PMC thread as something he expected might need us to get involved with. I'll be discussing this at our next fundraising meeting Thursday. I have some similar concerns but I plan on holding those until I've had a chance to discuss with the rest of the fundraising committee. Thanks for raising this. - Bob Paulin ASF VP, Fundraising On 1/11/2022 3:49 PM, Ralph Goers wrote: Hello all, Recently the Logging Services PMC was approached by Tidelift offering to provide monetary support either to the project or individual committers. To obtain that sponsorship the project has to agree to the terms at https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. It appears that Struts has accepted this already. Some PMC members are interested in pursuing this but I am questioning a) whether the agreement conflicts with ASF practices and b) whether the legal agreement is too ambiguous. Two ASF members commented on the Logging Services private list that they had concerns about the agreement. In response to these concerns I created https://issues.apache.org/jira/browse/LEGAL-593. The guidance there seemed to be that payment to the ASF by Tidelift would not be allowed but payment to individuals might be. No guidance on the agreement was provided. It was recommended I post here instead. In looking for more clarification from Tidelift about their agreement and who could receive payment we received this response: Great follow up question, you are spot on. Each of the individuals on the team page could become a lifter and the funds allocated for Log4j would be split between them. Additional pieces of information to add nuance: * For someone to _start_ lifting a project with Tidelift, the verification process involves us looking to official sources for confirmation–such as the team page. After a project is lifted, the verification process ultimately hinges on open communication between us and whichever lifter has been nominated to be the primary contact (in full view of all of the project's lifters so that we know there's shared agreement). * Funds can be split any way you see fit, evenly or otherwise. In most cases, we see an even split. In cases where the funds are directed back to a foundation, 100% of the funds go to the foundation and the share assigned to the lifters is 0%. * This approach has allowed us to decouple any individual project's governance from our own processes, and has proven to be effective in many different contexts. As we grow, it may well be that our processes need to evolve, so that's a conversation that I'm open to as we continue discussing :o) So it is clear to me that Tidelift requires the project as a whole to approve the agreement, even though only select individuals may choose to receive payment, especially since one of the requirements is a public acknowledgment of Tidelift on one of the project’s sites. I find this problematic as I cannot reconcile how it is OK for individuals to receive payment so that the ASF is not officially involved while at the same time the PMC must approve the agreement for individuals to be able to accept payment. Furthermore, I still have no idea whether the terms of the agreement would put a PMC in conflict with ASF policies or whether the ambiguities in the agreement would put the ASF in a bad place. I realize the ASF’s argument would be “We have nothing to do with this” but I suspect that wouldn’t fly since the PMC has to agree to it. To be clear, I have no idea if this is the correct place to discuss this. Personally, I was under the impression that a Legal Jira was where this kind of stuff got resolved. But here I am. Thoughts? Ralph - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Tidelift
Hello all, Recently the Logging Services PMC was approached by Tidelift offering to provide monetary support either to the project or individual committers. To obtain that sponsorship the project has to agree to the terms at https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. It appears that Struts has accepted this already. Some PMC members are interested in pursuing this but I am questioning a) whether the agreement conflicts with ASF practices and b) whether the legal agreement is too ambiguous. Two ASF members commented on the Logging Services private list that they had concerns about the agreement. In response to these concerns I created https://issues.apache.org/jira/browse/LEGAL-593. The guidance there seemed to be that payment to the ASF by Tidelift would not be allowed but payment to individuals might be. No guidance on the agreement was provided. It was recommended I post here instead. In looking for more clarification from Tidelift about their agreement and who could receive payment we received this response: Great follow up question, you are spot on. Each of the individuals on the team page could become a lifter and the funds allocated for Log4j would be split between them. Additional pieces of information to add nuance: * For someone to _start_ lifting a project with Tidelift, the verification process involves us looking to official sources for confirmation–such as the team page. After a project is lifted, the verification process ultimately hinges on open communication between us and whichever lifter has been nominated to be the primary contact (in full view of all of the project's lifters so that we know there's shared agreement). * Funds can be split any way you see fit, evenly or otherwise. In most cases, we see an even split. In cases where the funds are directed back to a foundation, 100% of the funds go to the foundation and the share assigned to the lifters is 0%. * This approach has allowed us to decouple any individual project's governance from our own processes, and has proven to be effective in many different contexts. As we grow, it may well be that our processes need to evolve, so that's a conversation that I'm open to as we continue discussing :o) So it is clear to me that Tidelift requires the project as a whole to approve the agreement, even though only select individuals may choose to receive payment, especially since one of the requirements is a public acknowledgment of Tidelift on one of the project’s sites. I find this problematic as I cannot reconcile how it is OK for individuals to receive payment so that the ASF is not officially involved while at the same time the PMC must approve the agreement for individuals to be able to accept payment. Furthermore, I still have no idea whether the terms of the agreement would put a PMC in conflict with ASF policies or whether the ambiguities in the agreement would put the ASF in a bad place. I realize the ASF’s argument would be “We have nothing to do with this” but I suspect that wouldn’t fly since the PMC has to agree to it. To be clear, I have no idea if this is the correct place to discuss this. Personally, I was under the impression that a Legal Jira was where this kind of stuff got resolved. But here I am. Thoughts? Ralph - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
