IMO, the foundation and the project should do nothing associated with this. It should neither encourage or condone it. In no way should we enter into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to work independently and directly w/ people, that's fine. But having the ASF and/or the project involved at any level should be disallowed.
We cannot also ignore the obvious self-serving nature of the request by Tidelift and if we are comfortable with them using this as an opportunity for promotion. > On Jan 11, 2022, at 4:49 PM, Ralph Goers <ralph.go...@dslextreme.com> wrote: > > Hello all, > > Recently the Logging Services PMC was approached by Tidelift offering to > provide monetary support either to the project or individual committers. To > obtain that sponsorship the project has to agree to the terms at > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. > It appears that Struts has accepted this already. > > Some PMC members are interested in pursuing this but I am questioning a) > whether the agreement conflicts with ASF practices and b) whether the legal > agreement is too ambiguous. Two ASF members commented on the Logging Services > private list that they had concerns about the agreement. > > In response to these concerns I created > https://issues.apache.org/jira/browse/LEGAL-593. The guidance there seemed to > be that payment to the ASF by Tidelift would not be allowed but payment to > individuals might be. No guidance on the agreement was provided. It was > recommended I post here instead. > > In looking for more clarification from Tidelift about their agreement and who > could receive payment we received this response: > > Great follow up question, you are spot on. Each of the individuals on > the team page could become a lifter and the funds allocated for Log4j would > be split between them. > > Additional pieces of information to add nuance: > > * For someone to _start_ lifting a project with Tidelift, the > verification process involves us looking to official sources for > confirmation–such as the team page. After a project is lifted, the > verification process ultimately hinges on open communication between us and > whichever lifter has been nominated to be the primary contact (in full view > of all of the project's lifters so that we know there's shared agreement). > > * Funds can be split any way you see fit, evenly or otherwise. In most > cases, we see an even split. In cases where the funds are directed back to a > foundation, 100% of the funds go to the foundation and the share assigned to > the lifters is 0%. > > * This approach has allowed us to decouple any individual project's > governance from our own processes, and has proven to be effective in many > different contexts. As we grow, it may well be that our processes need to > evolve, so that's a conversation that I'm open to as we continue discussing > :o) > > So it is clear to me that Tidelift requires the project as a whole to approve > the agreement, even though only select individuals may choose to receive > payment, especially since one of the requirements is a public acknowledgment > of Tidelift on one of the project’s sites. > > I find this problematic as I cannot reconcile how it is OK for individuals to > receive payment so that the ASF is not officially involved while at the same > time the PMC must approve the agreement for individuals to be able to accept > payment. Furthermore, I still have no idea whether the terms of the agreement > would put a PMC in conflict with ASF policies or whether the ambiguities in > the agreement would put the ASF in a bad place. I realize the ASF’s argument > would be “We have nothing to do with this” but I suspect that wouldn’t fly > since the PMC has to agree to it. > > To be clear, I have no idea if this is the correct place to discuss this. > Personally, I was under the impression that a Legal Jira was where this kind > of stuff got resolved. But here I am. > > Thoughts? > > Ralph > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
