Delighted to have found this group!
- While the shape of what a conformity assessment might look like and what standards may be established to demonstrate fulfillment are still TBD, has anyone considered the scalability issue of assessing such conformance across the vast ecosystem of dependencies that a product may entail?
- Could a convention be adopted in repos to include a steward.md and/or attestation.md file indicating whether such items exist? This could then be potentially ingested by scanning tools and used to highlight projects without such artifacts for risk escalation/discernment.
- Also considering submitting this idea to the SPDX/CycloneDX groups as a potential specification enhancement – has this idea been discussed yet in this group (or otherwise)?
Thank you!
Ria
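As an added illustration of the scanning idea in the message above (this is example code written for this page, not tooling from the working group, SPDX or CycloneDX), the script below walks a directory of vendored dependencies, records which of the proposed marker files (`steward.md`, `attestation.md`) each one carries, and returns the projects that lack them for risk escalation. The marker file names, the case-insensitive matching rule and the sample dependency tree are assumptions constructed for the illustration.

```python
"""Added example (not from the thread): a minimal scanner for the proposed
steward.md / attestation.md repo convention. It checks each dependency
checkout for the marker files and lists the ones that should be escalated.
Marker names, matching rule and the sample tree are assumptions."""
import os
import tempfile
from dataclasses import dataclass

# Marker files the proposed convention would look for (assumed names).
MARKER_FILES = ("steward.md", "attestation.md")


@dataclass
class DependencyReport:
    name: str
    present: tuple = ()   # marker files found (matched case-insensitively)
    missing: tuple = ()   # marker files not found

    @property
    def needs_escalation(self) -> bool:
        return bool(self.missing)


def scan_dependency(path: str) -> DependencyReport:
    """Check one dependency checkout for the marker files at its top level."""
    names = {n.lower() for n in os.listdir(path)
             if os.path.isfile(os.path.join(path, n))}
    present = tuple(m for m in MARKER_FILES if m in names)
    missing = tuple(m for m in MARKER_FILES if m not in names)
    return DependencyReport(os.path.basename(path), present, missing)


def scan_tree(root: str) -> list:
    """Treat every immediate subdirectory of root as one dependency."""
    reports = []
    for entry in sorted(os.listdir(root)):
        full = os.path.join(root, entry)
        if os.path.isdir(full):
            reports.append(scan_dependency(full))
    return reports


def escalation_list(reports) -> list:
    """Names of dependencies missing at least one marker, most-missing first."""
    flagged = [r for r in reports if r.needs_escalation]
    flagged.sort(key=lambda r: (-len(r.missing), r.name))
    return [r.name for r in flagged]


def build_sample_tree() -> str:
    """Constructed sample: three fake dependencies with different coverage."""
    root = tempfile.mkdtemp(prefix="deps-")
    layout = {
        "libfoo": ["steward.md", "attestation.md", "README.md"],  # complete
        "libbar": ["README.md"],                                  # nothing
        "libbaz": ["Steward.md"],                                 # mixed case
    }
    for dep, files in layout.items():
        d = os.path.join(root, dep)
        os.makedirs(d)
        for f in files:
            with open(os.path.join(d, f), "w") as fh:
                fh.write("placeholder\n")
    return root


if __name__ == "__main__":
    for r in scan_tree(build_sample_tree()):
        status = "ESCALATE" if r.needs_escalation else "ok"
        print(f"{r.name:8} {status:9} missing={list(r.missing)}")
```

Run as a script it prints one line per dependency; in a real pipeline the `scan_tree` root would be the vendored dependency directory or a set of cloned checkouts, and the output of `escalation_list` would feed whatever risk review process the team already has.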
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx>
On Behalf Of Daniel Thompson-Yvetot via open-regulatory-compliance
Sent: Tuesday, August 6, 2024 9:53 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Daniel Thompson-Yvetot <denjell@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Stewards, open source projects etc
Yes @tobie - there are rules about donations for nonprofits in Germany, and actually every European country handles them slightly differently. I feel that this is important to remember. (Also, I cannot recommend setting up a non-profit
in Germany.)
In Germany there's like four (or so) classes of activity within a non-profit (links in German):
- Ideal (like donations, membership fees, fulfils the charter of the non-profit)
- Chartered operations (doing the things that the company exists to do)
- Taxable activity (the non-profit is selling something tangible, not directly in line with their explicit charter, at risk of losing non-profit status)
- Sponsoring (if there is ANY kickback, even a link on a website attached to a logo, it is a taxable activity)
Basically my point is that there is no utility in comparing with US-based foundations / non-profits since the legislative directives are so varied.
On Tue, Aug 6, 2024 at 6:06 PM Greg Wallace via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:
mental note: add to FAQ (Greg's todo)
also, including access to attestations as one of a number of ways to engage w the community and demonstrate support may take quid pro quo off the table
I wonder if it comes down mostly to a question of semantics - e.g. is it a "donation" or something else?
My understanding is that in the US, it's a question of proportion. Some portion
of your revenue can have quid pro quo, but if you're above a certain threshold, then your nonprofit status might be at risk.
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit
https://accounts.eclipse.org