Re: [open-regulatory-compliance] Stewards, open source projects etc

Excellent suggestion. I don't think the specific mechanism has been suggested. 

I think dating the attestation would be important. An attestation is more that the software was developed with secure practices than that there are no current vulnerabilities. If a project should lose the status, for example its maintainer was hit by a bus, what would be the process to get that reflected in its attestation being revoked, and the same percolating up to all packages that depend on it? This feels like a problem the SBOM people would know how to answer.

Joe Murray, PhD
President, JMA Consulting


On Thu, Aug 8, 2024 at 4:05 AM Schalnat, Ria (The Open Compliance Manager) via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Delighted to have found this group!


  • While the shape of what a conformity assessment might look like and what standards may be established to demonstrate fulfillment are still TBD, has anyone considered the scalability issue of assessing such conformance across the vast ecosystem of dependencies that a product may entail?  
  • Could a convention be adopted in repos to include a steward.md and/or attestation.md file indicating whether such items exist?  This could then be potentially ingested by scanning tools and used to highlight projects without such artifacts for risk escalation/discernment. 
  • Also considering submitting this idea to the SPDX/CycloneDX groups as a potential specification enhancement – has this idea been discussed yet in this group (or otherwise)?


Thank you!


Ria


From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Daniel Thompson-Yvetot via open-regulatory-compliance
Sent: Tuesday, August 6, 2024 9:53 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Daniel Thompson-Yvetot <denjell@xxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] Stewards, open source projects etc


Yes @tobie - there are rules about donations for nonprofits in Germany, and actually every European country handles them slightly differently. I feel that this is important to remember. (Also, I cannot recommend setting up a non-profit in Germany.)

In Germany there's like four (or so) classes of activity within a non-profit (links in German):
- Ideal (like donations, membership fees, fulfils the charter of the non-profit)
- Chartered operations (doing the things that the company exists to do)
- Taxable activity (the non-profit is selling something tangible, not directly in line with their explicit charter, at risk of losing non-profit status)
- Sponsoring (if there is ANY kickback, even a link on a website attached to a logo, it is a taxable activity)


Basically my point is that there is no utility in comparing with US-based foundations / non-profits since the legislative directives are so varied.

On Tue, Aug 6, 2024 at 6:06PM Greg Wallace via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

mental note: add to FAQ (Greg's todo)


also, including access to attestations as one of a number of ways to engage w the community and demonstrate support may take quid pro quo off the table


On Tue, Aug 6, 2024, 12:01 PM Tobie Langel via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

On Tue, Aug 6, 2024 at 5:39PM Greg Wallace via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

I wonder if it comes down mostly to a question of semantics - e.g. is it a "donation" or something else?


My understanding is that in the US, it's a question of proportion. Some portion of your revenue can have quid pro quo, but if you're above a certain threshold, then your nonprofit status might be at risk.


--tobie

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org