Re: [open-regulatory-compliance] Overall charter / representation of Stewards

It doesn't seem worth rebutting these items line by line. While OpenSSF had previously been informed of this coalition, the charter was not provided until last week. As such, nuanced items like the cap on Steward participation in the Steering Committee were neither well understood nor widely known. If there are working calls to ratify this Charter cooperatively, I'm happy to participate.

I have some follow-up questions and comments:

  • Like others, we've noticed that this is structured as a generic umbrella project. We would prefer a Charter which is constrained to just the CRA.
  • Unclear as to how the Charter will be bootstrapped. If there are three types of members, two of which vote as a class, who will approve the first Charter? How will the two classes (Stewards, Guests) vote?
  • We have created an MOU which we would prefer signing rather than a membership agreement. I believe it would be more appropriate for other Stewards as well; I value feedback from other Stewards as well. This is standard practice for most coalitions. We all have our own foundations to run and this streamlines what we want to achieve to the minimum viable governance.
  • Proclaiming that things have been done a particular way for "20 years" and implying correctness through tenure precludes improvement and innovation. I'd like us to keep an open mind with all suggestions so that we can all be vested in the outcome. 

On Wed, May 29, 2024 at 9:57 AM Gael Blondelle <gael.blondelle@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi Omkhar,

There are a few assumptions in your note that we don’t agree with, and we think go in the wrong direction. I’ll note them in-line.

Cheers,
-- 
Gaël Blondelle

P: +33 (0) 6 73 39 21 85 | Twitter | LinkedIn



On Tue, May 28, 2024 at 11:39 PM Omkhar Arasaratnam via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
Hi folks,

Reviewing the current participation agreement and charter, we have some concerns about the overall direction.

In the earlier part of the CRA process, the EU Commission had expressed concerns regarding feedback from multiple conflicting points of view in the open source community. The OpenSSF's goal was to join this coalition to provide a unified voice across stewards/foundations/non-profits to the EU government to ensure the CRA supports the interests of our community.

Omkhar, we would characterise the concerns of the EU Commission as being more about there not being any sort of “Stewards group” to turn to that is at least representative of the broader open source community. Your statement that there are multiple conflicting points of view - that’s inevitable; what is helpful to them is a broad group of stakeholders working together to whom they can turn.

Further, your suggestion of providing a “unified voice”, while laudable, is not and should not be a goal. Rather, the open source foundations that have come forward in the original press release, including Eclipse Foundation, have the goal of building pragmatic and useful open specifications that will help themselves and the downstream adopters of open source projects meet the obligations of the new legislation. “Unified voice” implies consensus, which is hardly possible. Rather, one of the attractive features of using this working group is that it defines a means for a majority of parties to reach a decision. In short, we are seeking majority support and not consensus and we think this is the right way to go given the short time frame to develop and provide impactful specifications.

The current approach caps the decision-making power of all Stewards to three votes in the steering committee while offering an uncapped number of votes for a paid membership.

This is untrue. The initial number of Steward members on the committees begins at three, but then grows proportionately as the size of the committees grows.
 
Two comments about this approach to share with you and others. First, we have reviewed this structure with key stakeholders in advance (and I believe Mike Milinkovich discussed this with you as well previously), including the entities listed in the original press release as well as with other key stakeholders. The general feedback (again, not consensus) is that this model, while not perfect, does give strong representation to the Stewards and ought to be sufficient to ensure their influence is powerful. Second, and FWIW, Eclipse Foundation has used this exact model of representation on its Board of Directors for 20 years with great success and effect. While it may feel like a leap of faith, it is not like it is an untested model.

This model does not meet our requirements regarding consensus building across the Stewards, as it inherently weighs decisions more heavily in favor of for-profit organizations.

We appreciate your feedback. Do keep in mind that the representation we are talking about is in regard to the governance of the initiative, and not the development of the open specifications. We didn’t get to talk about this during the “interested parties” call last week, but we will focus on this in the next call.  But relevant to your comment, participation in the specifications will be open to all members and it is our expectation that the work done here will be led substantially by the Stewards.  
 
We want to build consensus across our peer Stewards to serve our community's needs. To address this, I propose we either:
  1. Split into two groups, one representing paid membership and one representing Stewards.
  2. Provide each Steward with one vote in the steering committee.

Frankly, we considered such an approach but reached the conclusion that it would a) fail to address the concerns raised originally by the EU Commission you brought up above, and b) fail due to not addressing the concerns of both the Stewards, and industry, including SMEs and larger organisations. Moreover, while it’s still to be proven, we don’t believe it’s necessary to split them to achieve our goals.

Our goal is to represent the security interests of the open source community; please let me know what the best path is.
 
Obviously, we share this goal of representing the open source community. There is lots more to come, but with respect to the governance we believe we have a workable path forward.
 
--
Omkhar Arasaratnam
General Manager
OpenSSF  | The Linux Foundation
https://openssf.org/
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org


--

--oa
