Jim, While I agree with your conclusion I do disagree with how you get there.
In your first message you seemed to think that the “self-serving nature” of what Tidelift is doing is any different than what many companies have been doing to the ASF. I am a member of the Flume PMC and my employer uses it as a critical component of our infrastructure, primarily at my doing. I was reluctant to have it graduate from the incubator since the PMC was 90%+ Cloudera employees. Well, Cloudera ghosted the project and many of the PMC members are now former Cloudera employees who, while interested in the project, have no time to spend on it. I view that model and outcome as worse than what Tidelift is proposing. I am now faced with doing a Flume update and release pretty much all on my own, although I am sure there are 3 PMC members active enough to approve the release. Unlike corporate backed projects, Tidelift doesn’t specify any particular development that must be done to qualify for funding. What they require is mostly stuff the ASF already requires - but the agreement is unclear if the ASF requirements are sufficient since the agreement is ambiguous. And, of course, the promotion of Tidelift could be a problem. Someprojects have pages similar to https://activemq.apache.org/support that list places where you can get commercial support. Many have “Thanks” pages to thank companies such as Jetbrains and Yourkit for donating their products to committers. So simply listing a commercial entity on the web site doesn’t seem to be the issue. For me, the issue is that Tidelift is paying developers with the requirement that they follow certain processes, one of which includes an advertisement. On its face I just don’t see how that flies with ASF policies. That said, if the Tidelift model for people to be funded was “Your project must adhere to all ASF process and guidelines AND you must have a minimum of 3 active committers (proven by them actually approving and merging PRs, committing fixes for bugs, etc) and an advertising requirement I might be more inclined to support it since the only real requirement is that the project be active. Ralph > On Jan 12, 2022, at 7:57 AM, Jim Jagielski <j...@jagunet.com> wrote: > > Over in the Apache HTTPD project, both the HTTP/2 and the new mod_tls modules > were paid for by outside entities. That is, this entity wanted these modules > to exist, contracted out w/ a 3rd party to write/develop them, and then > backed away. There was no guarantee that these modules would even be > accepted, that the code would be treated specially or differently, or > anything at all like that. At no point was the PMC or the foundation involved > at all. The only consideration was that whatever was being donated to the > project was, in fact, being donated; that this external work-for-hire was > allowed to be, and was intended to be, donated and used by the ASF under the > ALv2. > > If Tidelift wishes to contract out to individuals, it is certainly within its > rights and that's 100% A-OK. However, they must be aware that there is no > guarantee that any work that the "lifters" provide will be included. There is > no way nor guarantee that the lifters are able to direct or manage the > project in a way that Tidelift and/or its customers would want. They are not > paying for access nor are they paying for guaranteed improvements or > inclusion. That must be clear. > > My understanding of the Tidelift arrangement is that they are providing some > sort of assurance that these lifters are not only developing the code, but > also "maintaining" it, which implies active, constant and "guaranteed" > contribution. Any lifters involved with Apache projects cannot guarantee > that. They cannot maintain it anymore, or any less, than anyone else, working > within the confines of the project. > >> On Jan 12, 2022, at 9:16 AM, Gary Gregory <garydgreg...@gmail.com> wrote: >> >> I agree that people should handle their affairs as they see fit RE Tidelift >> but how should this be allowed to trickle in on Apache WRT mentions in web >> sites and files like readme. IOW, should structs assets remove mentions of >> Tidelift? >> >> Gary >> >> On Wed, Jan 12, 2022, 08:52 Jim Jagielski <j...@jagunet.com> wrote: >> >>> IMO, the foundation and the project should do nothing associated with >>> this. It should neither encourage or condone it. In no way should we enter >>> into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes to >>> work independently and directly w/ people, that's fine. But having the ASF >>> and/or the project involved at any level should be disallowed. >>> >>> We cannot also ignore the obvious self-serving nature of the request by >>> Tidelift and if we are comfortable with them using this as an opportunity >>> for promotion. >>> >>>> On Jan 11, 2022, at 4:49 PM, Ralph Goers <ralph.go...@dslextreme.com> >>> wrote: >>>> >>>> Hello all, >>>> >>>> Recently the Logging Services PMC was approached by Tidelift offering to >>> provide monetary support either to the project or individual committers. To >>> obtain that sponsorship the project has to agree to the terms at >>> https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement. >>> It appears that Struts has accepted this already. >>>> >>>> Some PMC members are interested in pursuing this but I am questioning a) >>> whether the agreement conflicts with ASF practices and b) whether the legal >>> agreement is too ambiguous. Two ASF members commented on the Logging >>> Services private list that they had concerns about the agreement. >>>> >>>> In response to these concerns I created >>> https://issues.apache.org/jira/browse/LEGAL-593. The guidance there >>> seemed to be that payment to the ASF by Tidelift would not be allowed but >>> payment to individuals might be. No guidance on the agreement was provided. >>> It was recommended I post here instead. >>>> >>>> In looking for more clarification from Tidelift about their agreement >>> and who could receive payment we received this response: >>>> >>>> Great follow up question, you are spot on. Each of the >>> individuals on the team page could become a lifter and the funds allocated >>> for Log4j would be split between them. >>>> >>>> Additional pieces of information to add nuance: >>>> >>>> * For someone to _start_ lifting a project with Tidelift, the >>> verification process involves us looking to official sources for >>> confirmation–such as the team page. After a project is lifted, the >>> verification process ultimately hinges on open communication between us and >>> whichever lifter has been nominated to be the primary contact (in full view >>> of all of the project's lifters so that we know there's shared agreement). >>>> >>>> * Funds can be split any way you see fit, evenly or otherwise. In >>> most cases, we see an even split. In cases where the funds are directed >>> back to a foundation, 100% of the funds go to the foundation and the share >>> assigned to the lifters is 0%. >>>> >>>> * This approach has allowed us to decouple any individual >>> project's governance from our own processes, and has proven to be effective >>> in many different contexts. As we grow, it may well be that our processes >>> need to evolve, so that's a conversation that I'm open to as we continue >>> discussing :o) >>>> >>>> So it is clear to me that Tidelift requires the project as a whole to >>> approve the agreement, even though only select individuals may choose to >>> receive payment, especially since one of the requirements is a public >>> acknowledgment of Tidelift on one of the project’s sites. >>>> >>>> I find this problematic as I cannot reconcile how it is OK for >>> individuals to receive payment so that the ASF is not officially involved >>> while at the same time the PMC must approve the agreement for individuals >>> to be able to accept payment. Furthermore, I still have no idea whether the >>> terms of the agreement would put a PMC in conflict with ASF policies or >>> whether the ambiguities in the agreement would put the ASF in a bad place. >>> I realize the ASF’s argument would be “We have nothing to do with this” but >>> I suspect that wouldn’t fly since the PMC has to agree to it. >>>> >>>> To be clear, I have no idea if this is the correct place to discuss >>> this. Personally, I was under the impression that a Legal Jira was where >>> this kind of stuff got resolved. But here I am. >>>> >>>> Thoughts? >>>> >>>> Ralph >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org >>>> For additional commands, e-mail: dev-h...@community.apache.org >>>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org >>> For additional commands, e-mail: dev-h...@community.apache.org >>> >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
