On Saturday, February 8, 2025 9:09:55 PM MST Theodore Ts'o wrote: > I'm a bit dubious about a ChatGPT authored Conflict of Interest (COI) > policy because most of them that you will find on-line, and thus what > a Large Language Model (LLM) will regurgitate, are meant for > orgaizations where you have a small body of people who vote. > > So for example, if you serve on the board of a church, or a non-profit > orgaization like Usenix, or the Rocky Enterrise Software Foundation > (RESF), if there is a motion where you might benefit depending on how > the decision comes out, the CoI policy will mandate that you abstain > from voting on the motion. This is where the "refrain from > participating from a decision" language might come from. > > Howeer, it is quite common that someone with that potental conflict of > interest is often a subject matter expert. For example, if you are a > primary owner of a general contracting company, then you will know a > lot about building construction; so if the vote is about which company > should be hired, the board would *want* to hear your insights. So > typically the conflict of interest would be disclosed, the expert > would give their opinions, insights, and other expertise to the board > --- and then the expert might abstain from voting on the actual motion > if they were a board member. > > The problem is that in Debian, we rarely vote when we make decisions. > This does happen, of course, such as when the Technical Committee > votes on something that might be a very close call. In that case, it > would make sense for a TC member who might have conflict of interest > to step aside. > > However, many decisions take place via discussion / debates on public > mailing list --- so what does refrain from participating in a decision > mean in that context? That the people who might have the most > expertise must not participate in the debate? That > seems.... counterproductive. So there, probably the best you could do > is to make sure people should be asked to disclose conflicts of > interest up front, although in many cases, it might be obvious (for > example if the e-mail address has canonical.com....). > > Another such situation is if a maintainer makes a decision as it > relates to a package where they are the primary maintainer. This case > can get quite ticklish, because very often, they *are* one of the > primary experts about the package; that's why they are the maintain > the package. And that might also be why a company decided to hire > them. For example, I got hired by Google because I was the ext4 > kernel maintainer, and I did make changes that made it easier for > e2fsprogs to be built on ProdNG, which was a Debian variant for use > internally at Google[1]. > > [1] "Live Upgrading Thousands of Servers from an Ancient Red Hat > Distribution to 10 Year Newer Debian Based One" > https://www.usenix.org/system/files/conference/lisa13/lisa13-merlin.pdf > > The changes that I made din't compromise Debian at all (I doubt anyone > noticed, since they din't cause any changes in the binary packages > generated by e2fsprogs' debian/rujles file for Debian. But this was a > decision that was made that benefited Google, *and* Debian because it > meant that we got a lot more testing on thousands and thousands of > servers runnig in data centesr al over the world. Is that a "conflict > of interest"? Lots of similar scenarios happened where Debian > Maintainers were hired by Canonical, and did work while being paid by > Canonical in a way that substantially benefited Debian *and* Ubuntu. > > Should people in these sorts of situations be "not allowed to > participate in decisions" as the package maintainer because of some > silly ChatGPT authored policy? I think not. > > Ultimately, this is a case where I think we do have recourse already, > which is if a package maintainer makes a decision which is detrimenta > to Debian, that decision can always be appealed to they TC. > > So I could imagine COI policies for specific, small bodies in Debian > where decisions get made via voting, such as the TC. > > However, I don't believe it makes sense for large bodies; for example, > excluiding people from voting on a GR just because they might have a > conflict of interest means that we could potentially depriving people > of their franchise, which I think would be a Bad Thing. So if someone > adopted this as a constitutional amendment, I would vote against it. > > The final thing I would note is that our structure means that in some > cases, the ultimate authority rest with the DPL. So I'm not sure we > *can* have a COI policy that applies to the DPL without it making a > fundamental change to our governance structure. The wise DPL would > delegate their authority if there wasa clear conflict of interest, of > course. And if a DPL abuses their authority, then they can be voted > out at the next election. But saying that the DPL "must not > participate in a decision", per the ChatGPT authored statement, I > would argue does't work given what trust and power we vest in the DPL. > > Cheers, > > - Ted
I agree wholeheartedly with this reasoning. -- Soren Stoutner so...@debian.org
signature.asc
Description: This is a digitally signed message part.
