Hi, On Wed, Jan 12, 2022 at 3:58 PM Jim Jagielski <j...@jagunet.com> wrote:
> Over in the Apache HTTPD project, both the HTTP/2 and the new mod_tls > modules were paid for by outside entities. That is, this entity wanted > these modules to exist, contracted out w/ a 3rd party to write/develop > them, and then backed away. There was no guarantee that these modules would > even be accepted, that the code would be treated specially or differently, > or anything at all like that. At no point was the PMC or the foundation > involved at all. The only consideration was that whatever was being donated > to the project was, in fact, being donated; that this external > work-for-hire was allowed to be, and was intended to be, donated and used > by the ASF under the ALv2. > > If Tidelift wishes to contract out to individuals, it is certainly within > its rights and that's 100% A-OK. However, they must be aware that there is > no guarantee that any work that the "lifters" provide will be included. > There is no way nor guarantee that the lifters are able to direct or manage > the project in a way that Tidelift and/or its customers would want. They > are not paying for access nor are they paying for guaranteed improvements > or inclusion. That must be clear. > > My understanding of the Tidelift arrangement is that they are providing > some sort of assurance that these lifters are not only developing the code, > but also "maintaining" it, which implies active, constant and "guaranteed" > contribution. Any lifters involved with Apache projects cannot guarantee > that. They cannot maintain it anymore, or any less, than anyone else, > working within the confines of the project. > I have 2 questions: 1- How did that work in the case of Apache Struts ? Any details can be shared ? 2- Is the concept of "guarantying" here in the Legal sense ? or is it "guarantying" by approaching the "right individuals" ? By "right individuals" (double quoting is intentional) I mean (P)PMC Members for example. Though they, as mentioned here, can get funded as individuals who don't represent the ASF as an organization nor they represent the target project in any official way, but being a (P)PMC Member (by the definition of the ASF organization itself) show/guarantees that the approached individuals have the merit and the commitment towards that target project, hence guarantying that such funds will be used efficiently or in the right way (I am using 'efficiently' and 'the right way' in their broader sense). But even with that in mind, I believe there is a catch ? If any of those individuals, being (P)PMC member or not, stopped working on the target project for whatever reason, What happens then ? > > On Jan 12, 2022, at 9:16 AM, Gary Gregory <garydgreg...@gmail.com> > wrote: > > > > I agree that people should handle their affairs as they see fit RE > Tidelift > > but how should this be allowed to trickle in on Apache WRT mentions in > web > > sites and files like readme. IOW, should structs assets remove mentions > of > > Tidelift? > > > > Gary > > > > On Wed, Jan 12, 2022, 08:52 Jim Jagielski <j...@jagunet.com> wrote: > > > >> IMO, the foundation and the project should do nothing associated with > >> this. It should neither encourage or condone it. In no way should we > enter > >> into any agreement, contract, whatever, w/ Tidelift. If Tidelift wishes > to > >> work independently and directly w/ people, that's fine. But having the > ASF > >> and/or the project involved at any level should be disallowed. > >> > >> We cannot also ignore the obvious self-serving nature of the request by > >> Tidelift and if we are comfortable with them using this as an > opportunity > >> for promotion. > >> > >>> On Jan 11, 2022, at 4:49 PM, Ralph Goers <ralph.go...@dslextreme.com> > >> wrote: > >>> > >>> Hello all, > >>> > >>> Recently the Logging Services PMC was approached by Tidelift offering > to > >> provide monetary support either to the project or individual > committers. To > >> obtain that sponsorship the project has to agree to the terms at > >> > https://support.tidelift.com/hc/en-us/articles/4406309657876-Lifter-agreement > . > >> It appears that Struts has accepted this already. > >>> > >>> Some PMC members are interested in pursuing this but I am questioning > a) > >> whether the agreement conflicts with ASF practices and b) whether the > legal > >> agreement is too ambiguous. Two ASF members commented on the Logging > >> Services private list that they had concerns about the agreement. > >>> > >>> In response to these concerns I created > >> https://issues.apache.org/jira/browse/LEGAL-593. The guidance there > >> seemed to be that payment to the ASF by Tidelift would not be allowed > but > >> payment to individuals might be. No guidance on the agreement was > provided. > >> It was recommended I post here instead. > >>> > >>> In looking for more clarification from Tidelift about their agreement > >> and who could receive payment we received this response: > >>> > >>> Great follow up question, you are spot on. Each of the > >> individuals on the team page could become a lifter and the funds > allocated > >> for Log4j would be split between them. > >>> > >>> Additional pieces of information to add nuance: > >>> > >>> * For someone to _start_ lifting a project with Tidelift, the > >> verification process involves us looking to official sources for > >> confirmation–such as the team page. After a project is lifted, the > >> verification process ultimately hinges on open communication between us > and > >> whichever lifter has been nominated to be the primary contact (in full > view > >> of all of the project's lifters so that we know there's shared > agreement). > >>> > >>> * Funds can be split any way you see fit, evenly or otherwise. In > >> most cases, we see an even split. In cases where the funds are directed > >> back to a foundation, 100% of the funds go to the foundation and the > share > >> assigned to the lifters is 0%. > >>> > >>> * This approach has allowed us to decouple any individual > >> project's governance from our own processes, and has proven to be > effective > >> in many different contexts. As we grow, it may well be that our > processes > >> need to evolve, so that's a conversation that I'm open to as we continue > >> discussing :o) > >>> > >>> So it is clear to me that Tidelift requires the project as a whole to > >> approve the agreement, even though only select individuals may choose to > >> receive payment, especially since one of the requirements is a public > >> acknowledgment of Tidelift on one of the project’s sites. > >>> > >>> I find this problematic as I cannot reconcile how it is OK for > >> individuals to receive payment so that the ASF is not officially > involved > >> while at the same time the PMC must approve the agreement for > individuals > >> to be able to accept payment. Furthermore, I still have no idea whether > the > >> terms of the agreement would put a PMC in conflict with ASF policies or > >> whether the ambiguities in the agreement would put the ASF in a bad > place. > >> I realize the ASF’s argument would be “We have nothing to do with this” > but > >> I suspect that wouldn’t fly since the PMC has to agree to it. > >>> > >>> To be clear, I have no idea if this is the correct place to discuss > >> this. Personally, I was under the impression that a Legal Jira was where > >> this kind of stuff got resolved. But here I am. > >>> > >>> Thoughts? > >>> > >>> Ralph > >>> > >>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > >>> For additional commands, e-mail: dev-h...@community.apache.org > >>> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > >> For additional commands, e-mail: dev-h...@community.apache.org > >> > >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > > -- Thanks - Mohammad Noureldin ---- "Life is like riding a bicycle. To keep your balance you must keep moving" - Albert Einstein
