XSF Discussion - 2020-06-18

hi

We have a board meeting in 1h40m... would appreciate someone to step up as minute-taker ahead of time so we don't spend half the meeting on that again

I have most of a bot implemented, but not going to suggest we rush to use it this week (it needs a little more polish)

Answering the discussion from last night, no, the bot does not summarize discussions - many organisation minutes do not, and only record actual motions and other things explicitly requested to go on the record

So the bot does this, but with links to the discussion logs of each topic

Which seems a fine compromise to me

Summarizing discussions accurately is one of the hardest tasks of minute-taking

We have the advantage that all our discussions are already in text form and recorded

probably most important

the whole point of minutes to me is for people not to have to read the logs

I'd rather let people see the outcome, and give them access to the raw data, rather than filtering through some other person

It's very easy for someone to introduce accidental bias this way (related problem: we don't explicitly approve minutes currently)

well yes that's why approving minutes is necessary

Standard practice afaik is to have one minute taker and two to verify and sign off on the minutes.

We can't even find one person to write the minutes :)

and this has been going on for years

They aren't going to magically appear - and we've tried alternatives (thanks nyco) where everyone collaborates on them, that didn't really work either though

I’ll be stuck in a work meeting until 15:00Z, sorry

np jonas’

MattJ: I was on the pad helping nyco a bit. maybe if we'd all done so..

Sure, maybe if many things

If we collectively think that's the solution, I'm not opposed to trying it again

IMO, the XSF should consider paying for certain roles/positions that we continuously struggle to get volunteers for (touchy subject I know)

jcbrand: I agree

Or provide some other kind of incentive, but I can't imagine what... swag? ✏

either that, or board takes responsability for it and we all contribute (we've agreed about one way to do this last week but there might be others)

*shrug*

Personally I strongly feel that a bot is the best approach

I think I'm alone in that though

MattJ: I'm with you on this, I agree on all you have said

Someone needs to write a bot then

As above, I have one almost completed (but not ready to use this week)

and I'm not going to attempt to push it on the group if everyone else is against it

ah sorry

You could just enable it silently and then show everyone the awesome minutes that it takes

and then bask in glory

Yeah, have pondered that :)

jcbrand, do we have enough income to pay someone? how much could we pay someone? do we have someone who manages our funds?

The IETF, while a fair bit larger than the XSF, does hire out administrative tasks to a company.

We have the raw data, and the outcome with the bot. It is perfect, less layers to access to what has happened. I have nothing more to say to what it has been already said by MattJ. I see it as a perfect fit.

(Don't have time to read back, but I have no strong feelings either way about using a bot)

Hopefully by next week I'll have the bot polished off and some docs written, and then I'll propose that we switch to it

flow: Last I heard there are funds, although the XSF could definitely make more of an effort to woo sponsors

The point is not to make someone rich or to provide a full-time job, but to at least make the task more palatable

jcbrand, we sure have funds, but what can be spend on reappearing payments? also I think before we can seriously consider payming someone, we should look for a treasurer, cause I am not sure if PSA has the time to take care of that

Did I mention I'll be offering the bot for a small fee?

(muahaaha, etc.)

haha

If it's a once-off fee, then it's better than paying a human to do it

flow we do have a treasurer, Peter.

flow my understanding is that the XSF has been sitting on cash for years, not really doing anything with it ✏

Guus, I know, but only beause of our search for a new treasurer did not yield any results.

I have no inclination to dismiss his work or to assume that he's not able to perform in that role.

Guus: i'm sure that's not what flow is saying ✏

no, we searched for a new Executive Officer (which was also Peter). We never searched for a new Treasurer, afiak.

Guus, no, not at all, but I think that peter would actually be happy if someone else would fill that role

Was just typing what Guus said

Guus, we searched for a treasurer in 2015: https://mail.jabber.org/pipermail/members/2015-July/008117.html

I did not know that. But, since, Peter was asked to stand for another year repeatedly, and has never objected or mentioned he'd prefer someone else took over.

I'd speculate that this caused by a mix of it being currently not that mutch work (I assume) and the expectation that there is no one to step in

Hey, if he does want someone else to take over, I'm perfectly happy to search for someone else. I'd just not postpone any other activity in the assumption that we need to refill the Treasurer role, as the person that's currently in that role did not give any indication that that's relevant.

My suggestion would be to ask peter of he is still willing to act as treasurer if we increase the workload

that's all

right, we're more aligned than it initially appeared to me. 🙂

I don't think Peter will be silent if the work load becomes more than he's happy with.

I'll just prep another plugin for the bot in that case ;)

Heh, I was going to suggest that. Bots are better with numbers after all :P

Yes, Lua has great floating point support

What could go wrong?

!spend €400

fwiw I have suggested going through SPI before (to handle finance, and they also provide legal council etc.), to stpeter at least, maybe that's something we can think about

Actually that would be something I could get behind if necessary

They don't do minute taking yet

I wonder how much autonomy we give up by going through a party like SPI. I have yet to look into that deeper.

!

Hello, all good?

Hello :)

-·

ralphm, ?

(or is this a week he sent apologies?)

did he? I missed it if he did.

Seems not

Ok, I can step up if ralphm is absent

please do

k

0) Role call

Very appreciated

ROLE!

;)

!

(sorry)

Let's start with

1) Topics for decisions

somethignsomethingminutes

1.1) Reevaluate the process for accepting XEP contributions

Looks like https://trello.com/c/Y4Bfcnr3/399-reevaluate-the-process-for-accepting-xep-contributions from jonas’

(I'll send out minutes after the meeting)

Thanks

Jonas asks if we got legal council on the necessity of the (CLA) process.

I do not know.

Hate to say this but neither do I

I was involved in setting up the CLA bot, but only because it was a pending issue ('to-be-done')

What was before github?

I've looked back in my personal mail archive, but couldn't find much of a motive for this.

And how did people agree to the IPR

no, that was on github.

I think it was implicit before Github

I'm asking about before github

Not sure if the editor kept any records, not that I'm aware (but stpeter would know)

(lag?)

None of us are lawyers, though in my experience a lawyer's opinion on something like this tends to usually just be an opinion and "maybe"

Who can we reach to resolve "Q1"? (Actually confirm if we can ignore that step from the process)

I think we'll not get an answer with the people in this meeting. 🙂 Let's find someone who was involved at the time?

Obviously having an explicit ack from the contributor is good for our records, should an issue arise

Yes..

If we don't have that, I can see it being problematic if there ever was a dispute

jonas’ and I can go through standard discussions about switching to github and we may find why/who decided

But getting hints from someone who knows would be good

MattJ, sure but ACKs can take different forms

Sure

oh, shoot.

I'm only now reading the rest of Jonas' question

I'd be fine with any alternative to the bot if that's what we want

it was below a fold in trello

(reading)

13:39:04 pep.> And how did people agree to the IPR email

13:39:44 MattJ> Not sure if the editor kept any records, not that I'm aware (but stpeter would know) I kept records for all users which did it via email

(with me)

Also, I may not be up to date on the latest on this thread, but I think we may not necessarily be moving off Github anyway?

(there were one or two cases since I became editor which were handled via email)

jonas’, thanks, good to know

MattJ, clabot is a blocker for moving off github, and I’m swaying towards "do a hybrid solution as a testballoon, long term Gitlab primary" ✏

I'd be more comfortable if we kept an explicit IPR acknowledgement from contributors about IPR, I'm absolutely fine with any solution for that

As an editor I'd also prefer if we didn't have two venues as a long term goal

I think that getting clarification from a lawyer on this is both costly and time-consuming.

I'd suggest to find a way to not make this issue a blocker for other editor-process improvements.

ok, so let’s skip the "did we get counsel" and move on to "what do you think about my proposed alternatives"

(please read the card until the bottom :))

I'm fine with the proposed alternatives

Q2 specifically :)

As you say, this is all info made public on contribution anyway

I like that is based on git

Lawyers hate it ;)

heh :)

GDPR issues, if someone wanted to be forgotten

I’d like to have Board-ack on the option in Q2. Though we could also find a way to make the list non-public if board is uncomfortable with having a blatant list of PII world-readable on gitlab

Good point

But I consider that a rare enough event that we can cross that bridge when/if we ever need to

Yeah.. I'm happy with sign-off but I'd like legal council tbh. It's not like we hadn't had contributions from companies with money in the past that could actually use this against us

note that right for deletion is guarded by technical feasibility, only the right to rectification is unconditional.

If anything, part of the acknowledgement should be that their info will be public in our repos

true

So make that explicit, and I'm in

maybe Board can make a motion on that :)

and then I’ll do things

I don't want to vote on things now.

I desperately want more feedback on this

(and I’m back in my $work meeting)

Feedback from?

Thanks jonas’

at least from (seniors in the) community, and possibly legal council.

What exactly concerns you?

I don't like changing things that I'm unsure of why they were put in place in the first place.

CLAs are quite common

as pep. hinted, legal repercussions _might_ be severe.

and their purpose is well understood

I don't understand

There are two questions here... 1) do we need a CLA? 2) how do we process the CLA?

My answers are (1) yes (2) however we want to

I just see moving from confirming on an email to a commit message? (excluding the clabot)

clabot is not mandated by lawyers

Most won't even know what it is

It's just a convenient thing someone made

My answers are (1) maaaybe? and (2) We should get legal council to confirm that method is fine

So if you're concerned about moving away from that, I don't think that's justified

Right - I'm a lot less uncomfortable if we're not discussing the necessity of a CLA.

I'm quite sure we didn't get legal counsel on whether clabot was acceptable

I'm happy to use another technical ways to replace clabot.

(to do the exact same thing, record the CLA)

Plenty of other orgs do CLAs through other means, some insist on written signed forms

MattJ, re clabot, being a commonly used service I'd hope they have had legal council themselves, or they've been put to the test already.

Many lawyers will probably will tell you that's necessary

You only have to convince a court that someone had agreed to the IPR terms

If we don't have any process, and it's implicit, I think that's very hard

I think I can draw a parallel to security here. Put as much resources to protect against what you think you'll have to face ✏

If we have any kind of paper trail, then we're good

(and paper includes email in this case)

e.g. that's one concern - if we migrate off Github do we lose the CLAs of previous contributors?

Ok, we're approaching full time

cla-assistent lets you export them, if memory serves

Looks like we don't have enough to vote on, but maybe folks can think about this issue more and we can vote next week

FWIW, as I remember the history here, we used to assert that just having submitted a commit was sufficient (that the contribution to the repo itself was enough). A prior board decided there had to be an explicit step added, so an explicit step was added.

Guus, I'm curious to know if an export is sufficient in court. Or if cla-assistant signs it or something

Kev, thank you

I think that's about the extent of what happened. I don't *believe* the Board got counsel, but I might be wrong.

Thanks Kev

Ok, I don't see anything else on the agenda that's new, pressing, or that we'd have time to discuss, so I propose we close here

k

ok

2) Time of next

+1W

3) Close

Thanks all

wfm

Thanks

Thanks

Thank you MattJ !

It really helps to know that, thank you Kev

It's just my migraine-addled memory, I wouldn't take it as gospel :)

Haha

I mean, the first part is definitely (as sure as I can be) right. We used to just assert that by contribuing a XEP that said in it (once XSL was applied) that it was owned by the XSF that meant the author was assigning ownership to the XSF, and it was definitely decided to change that because it wasn't deemed safe.

The details of the decision process during the change are a bit fuzzier for me.

Minutes sent

tx

Thanks Board

that was useful as a guideline

The rough consensus that we do want a process which gets us an affirmative ACK is already important to me. Replacing CLAbot as a tool I don’t think is a problem in general, since it can’t do any magic either.

We’ll find a similarly powerful replacement for the GitLab platform, the process I outlined would be an example of that.

regarding exporting the "signatures" of cla-assistant, I don’t think that’s of much use since they’re tied to github users, which is not quite a thing on GitLab ;)

though I guess we can restore some manually (and I’d be happy to) for the common contributors so they don’t have to go through the hassle; in the end, the cardinality of authors is rather low

jonas’, they're useful though as a proof that existing contributors have ACK'd

Assuming it's only a one-time thing maybe that's okay as a way to test that it's not too annoying then?

Zash, what would be okay?

(dangling reference in "that's okay as a way")

in-reply-to: "though I guess we can restore some [clabot signatures] [...] for the common contributors so they don’t have to go through the hassle"

Zash, so you would not do that to check with the common contributors if the process looks alright?

Yeah I'm also fine with re-signing. It's only a one-time thing anyway

yeah

I see

It's one less (legally?) error-prone thing for editors to do as well

indeed

jonas’, I got the impression that we might find a replacement clabot thing. if that turns out too annoying to subject previous contributors to, then isn't it too annoying?

very true

good point you make

Of the barriers that might be present in moving to gitlab purely for me, I wouldn't think going through the CLABot process again that problematic (assuming it was no harder than the current one).

(Other aspects might be, but not that one)

or "if that turns out so annoying that it's worth it to try to export previous data, then"

vacation mode. brain turned off.

disregarding whether we want to restore ACKs, do we not have to keep an export? ✏

could argue that it's implied in the merging of the PR

It was already decided to go with explicit ACK (and I agree with that)

if you assume in good faith that the bot did its job

I’d still want an export for safety

Though I'm not sure I understand your sentence, Zash

if github folds, we don’t have a record of what happened in the PR

that

and that clabot required anything ✏

Though we'll always be dependent on github anyway..

Because if they fold we lose the identity provider

(for these signatures)

We'd need to ensure the export contains email addresses rather

(and then we'd only depend on gmail)

What's that, identity is Hard? :)

I created an export and it does not include the email

it only includes user name + id

I'm not sure we need the email, I suspect we /do/ need the name.

I'd say we need something that binds to an identity. I doubt "we" (the XSF) need to know the full legal name. Just like I never gave that to github

> Using emojis in names seems fun, but please try to set a status message instead pah, gitlab.

(I do appreciate that they have a separate error message for that though :))

Pah, XMPP… It also doesn't allow emoji in nicks.

"It depends"

On what?

on how lenient things are in enforcing or on how RFC 7622 they are

how good is XEP-0238: Moved adopted in clients?

I mean, are there many clients implementing that XEP?

vanitasvitae: the XEP is https://xmpp.org/extensions/xep-0283.html