Since you wanted to have a smooth and nice cooperation - as a courtesy, Is it possible that you explicitly put ASF there and obligations that are not valid (especially when you reach out to PMCs of Airflow projects)?
I think otherwise it puts too much responsibility on individuals to check what their organisations are ok with. It puts them in a bit of an awkward position where something is "required" but "not really". This might also lead to a number of legal questions from those people (very few people read past legal issues and discussions in JIRA) which we want to avoid. Also some people might not realise that their organisations are not aware of the requirements and they might accidentally break those. A bit of context here why I am interested and discussing it. It's not that I am arguing against Tidelift or anything like that. I am just very transparent and try to get this whole cooperation between contributors and stakeholders hashed out and defined in simple and straightforward terms that are beneficial for the Foundation. The good of ASF, its longevity, values, and vendor-neutrality is an absolute key for me and top priority. So I wanted to make sure that what we will come up, will be completely neutral and that many, many 3rd-parties like tidelift can make use of it - equally. Over the last few months I've been thinking, discussing and drafting with a number of people and organisations (and lawyers of mine) a missing piece in the puzzle. Likely soon I will make a proposal to legal/board and comms about having a simple page for "contributor/stakeholder" relationships, where the ASF will actually explicitly provide some DOs/DOnts and looser guidelines for such a cooperation (the above will be one of DON'T). When/If it happens - we will propose and discuss it here, at legal-discuss and finally if that succeeds - it might be presented to the board. Would that help if you have such a page and explicitly refer to it in case of ASF and you could refer to it explicitly ? J. On Mon, Oct 31, 2022 at 10:41 PM Ralph Goers <ralph.go...@dslextreme.com> wrote: > > The wording now basically says that anything listed as an obligation can > be ignored if it conflicts with your organization’s policy requirements. So > that should make it possible for individuals to agree to work with Tidelift > without the PMC agreeing to anything. > > That said, I personally have no problem having a project support page > that lists the individuals who accept GitHub sponsorships. Likewise I > think it would be OK to list the people who are accepting sponsorship from > Tidelift. But it is not a requirement on a project to do either of these > things. > > Ralph > > > > > On Oct 31, 2022, at 1:47 PM, Jarek Potiuk <ja...@potiuk.com> wrote: > > > > I think the door was always open to work with Tidelift by the individuals. > > This has never been a problem (and recruiting individual PMC members > > by you was never a problem either). > > > > However, yes, I do have a question now. I am actually - as a PMC > > member of Apache Airflow interested. You have one of your customers > > here, actually :). > > > > The statement in your document is a bit vague and seems to workaround > > the original problem a bit. > > > > 1) Are you going to ask the individuals in your contract to put the > > logo of Tidelift on the project's website / github project etc. (in > > what form) ? > > 2) Or will you ask them so that they personally as individuals mention > > they are sponsored by Tidelift ? > > > > The former is still not good for ASF IMHO (nothing changed), the > > latter has always been good (nothing changed either). > > > > So for me it looks like nothing has changed, you just stopped > > requiring individuals to mention Tidelift in the PMC docs (this was > > the original problem)? > > > > Is my understanding correct? > > > > Let's take Apache Airflow. What would be a requirement if you want to > > work with me? > > > > And yes - I am perfectly fine to discuss it in public - transparency > > is super important to me and I always disclose what is the scope and > > requirements of cooperation I do on open-source (I think this is > > crucial in the OSS contracts). > > > > J. > > > > On Mon, Oct 31, 2022 at 7:42 PM Joshua Simmons > > <joshua.simm...@tidelift.com> wrote: > >> > >> Hi Jarek, > >> > >>> I have a question - what exactly do you expect here? What is your ask and > >>> proposal ? I read the docs and I have not found any action that I or > >> anyone > >>> else here could take here - (possibly that's why you did not get any > >>> response) - I looked at it several days ago but I could not find anything > >> I > >>> could do for one. Now, the message popped up in my reminder and I see I > >> was > >>> not the only one. > >> > >> Oh, thank you for asking the question. I could have been more clear! > >> > >> No action requested or response expected, I sent this follow up as a > >> courtesy to the community since it generated so much conversation across > >> multiple mailing lists (including this one) back in the January-March time > >> frame :o) > >> > >> That being said, any project committers or PMC members who want to explore > >> working with Tidelift to underwrite their work: the door is now open! Our > >> subscribers use over 1000 org.apache namespace packages, which means income > >> is available for every one of those. Folks who are interested should > >> discuss with fellow PMC members and are welcome to reach out to me. > >> > >> I'll be proactively reaching out to some PMCs, but I want to be respectful > >> and not gum up this mailing list with recruitment efforts. > >> > >> If folks have questions or concerns, I'm here to help! > >> > >> Cheers, > >> Josh > >> > >> Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift > >> <https://tidelift.com/> > >> @joshsimmons <https://twitter.com/joshsimmons> | @josh:josh.tel > >> <https://josh.tel/@josh> | bluesomewhere on IRC > >> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar > >> ad astra per aspera 🚀 > >> > >> > >> On Sun, Oct 30, 2022 at 5:50 PM Jarek Potiuk <ja...@potiuk.com> wrote: > >> > >>> I have a question - what exactly do you expect here? What is your ask and > >>> proposal ? I read the docs and I have not found any action that I or > >>> anyone > >>> else here could take here - (possibly that's why you did not get any > >>> response) - I looked at it several days ago but I could not find anything > >>> I > >>> could do for one. Now, the message popped up in my reminder and I see I > >>> was > >>> not the only one. > >>> > >>> J. > >>> > >>> On Thu, Oct 20, 2022 at 8:06 PM Joshua Simmons < > >>> joshua.simm...@tidelift.com> > >>> wrote: > >>> > >>>> Hi folks, I wanted to follow up on this thread to let everyone know that > >>>> we've taken the feedback from ASF community members across a variety of > >>>> threads and updated our agreements accordingly. For context, I've > >>> attached > >>>> a doc summarizing discussion as it stood back in February (including > >>> links > >>>> to other relevant threads and docs). > >>>> > >>>> The blocker that was identified was Tidelift's "public notice > >>> requirement" > >>>> which in most projects would've required an action by the project as a > >>>> whole, counter to the (rightful) prohibition of directed development > >>> within > >>>> ASF-hosted projects. > >>>> > >>>> To fix that, we added language to all of our agreements that makes it > >>>> clear: Tidelift will never ask maintainers to act in contravention with > >>> the > >>>> policies of their fiscal sponsor. > >>>> > >>>> > >>>> *> If your Project is formally part of a larger open source organization, > >>>> such a fiscal sponsor or other non-profit that provides technical > >>>> infrastructure to open source projects, Tidelift will not require you to > >>>> perform Services that are in conflict with any written requirements of > >>> that > >>>> organization.* > >>>> > >>>> The full text of our updated agreement can be found here: > >>>> > >>> https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > >>>> > >>>> Our hope is that this removes a barrier between maintainers of ASF-hosted > >>>> projects and receiving income from downstream users through Tidelift to > >>>> support work which might otherwise go uncompensated. > >>>> > >>>> If there are any other questions or concerns that folks have, please do > >>>> let me know! My role these days is entirely focused on making sure we're > >>>> addressing the needs of foundations like the Apache Software Foundation > >>> and > >>>> its member projects. I've also included co-founder Jeremy Katz on this > >>>> email, as doing right by foundations and the projects they host is a > >>>> priority for all of Tidelift. > >>>> > >>>> Onward and upward, > >>>> Josh > >>>> > >>>> Josh Simmons (he/they), Sr. Principal Foundations Advocate @ Tidelift > >>>> <https://tidelift.com/> > >>>> @joshsimmons <https://twitter.com/joshsimmons> | > >>>> joshua.simm...@tidelift.com | bluesomewhere on IRC > >>>> TZ: US/Pacific; UTC-07:00 Mar-Nov; UTC-08:00 Nov-Mar > >>>> ad astra per aspera [image: 🚀] > >>>> > >>>> > >>>> On 2022/01/11 21:49:59 Ralph Goers wrote: > >>>>> Hello all, > >>>>> > >>>>> Recently the Logging Services PMC was approached by Tidelift offering > >>> to > >>>> provide monetary support either to the project or individual committers. > >>> To > >>>> obtain that sponsorship the project has to agree to the terms at > >>>> > >>> https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > >>> . > >>>> It appears that Struts has accepted this already. > >>>>> > >>>>> Some PMC members are interested in pursuing this but I am questioning > >>> a) > >>>> whether the agreement conflicts with ASF practices and b) whether the > >>> legal > >>>> agreement is too ambiguous. Two ASF members commented on the Logging > >>>> Services private list that they had concerns about the agreement. > >>>>> > >>>>> In response to these concerns I created > >>>> https://issues.apache.org/jira/browse/LEGAL-593. The guidance there > >>>> seemed to be that payment to the ASF by Tidelift would not be allowed but > >>>> payment to individuals might be. No guidance on the agreement was > >>> provided. > >>>> It was recommended I post here instead. > >>>>> > >>>>> In looking for more clarification from Tidelift about their agreement > >>>> and who could receive payment we received this response: > >>>>> > >>>>> Great follow up question, you are spot on. Each of the > >>>> individuals on the team page could become a lifter and the funds > >>> allocated > >>>> for Log4j would be split between them. > >>>>> > >>>>> Additional pieces of information to add nuance: > >>>>> > >>>>> * For someone to _start_ lifting a project with Tidelift, the > >>>> verification process involves us looking to official sources for > >>>> confirmation–such as the team page. After a project is lifted, the > >>>> verification process ultimately hinges on open communication between us > >>> and > >>>> whichever lifter has been nominated to be the primary contact (in full > >>> view > >>>> of all of the project's lifters so that we know there's shared > >>> agreement). > >>>>> > >>>>> * Funds can be split any way you see fit, evenly or otherwise. > >>>> In most cases, we see an even split. In cases where the funds are > >>> directed > >>>> back to a foundation, 100% of the funds go to the foundation and the > >>> share > >>>> assigned to the lifters is 0%. > >>>>> > >>>>> * This approach has allowed us to decouple any individual > >>>> project's governance from our own processes, and has proven to be > >>> effective > >>>> in many different contexts. As we grow, it may well be that our processes > >>>> need to evolve, so that's a conversation that I'm open to as we continue > >>>> discussing :o) > >>>>> > >>>>> So it is clear to me that Tidelift requires the project as a whole to > >>>> approve the agreement, even though only select individuals may choose to > >>>> receive payment, especially since one of the requirements is a public > >>>> acknowledgment of Tidelift on one of the project’s sites. > >>>>> > >>>>> I find this problematic as I cannot reconcile how it is OK for > >>>> individuals to receive payment so that the ASF is not officially involved > >>>> while at the same time the PMC must approve the agreement for individuals > >>>> to be able to accept payment. Furthermore, I still have no idea whether > >>> the > >>>> terms of the agreement would put a PMC in conflict with ASF policies or > >>>> whether the ambiguities in the agreement would put the ASF in a bad > >>> place. > >>>> I realize the ASF’s argument would be “We have nothing to do with this” > >>> but > >>>> I suspect that wouldn’t fly since the PMC has to agree to it. > >>>>> > >>>>> To be clear, I have no idea if this is the correct place to discuss > >>>> this. Personally, I was under the impression that a Legal Jira was where > >>>> this kind of stuff got resolved. But here I am. > >>>>> > >>>>> Thoughts? > >>>>> > >>>>> Ralph > >>>>> > >>>>> > >>>>> > >>>>> --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > >>>>> For additional commands, e-mail: dev-h...@community.apache.org > >>>>> > >>>>> > >>>> > >>>> --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > >>>> For additional commands, e-mail: dev-h...@community.apache.org > >>> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
