Re: MPL2 instead of LGPL

2020-08-20 Thread Mirko Boehm 
Hello,

> On 20. Aug 2020, at 01:25, Hörmetjan Yiltiz  wrote:
> 
> May I try to point out the elephant in the room? Most KDE applications and 
> libraries are copyleft, with tremendous effort and contributions from a wide 
> range of people. Since most of them belong to more than one author, it is not 
> possible for a maintainer to simply re-licence an existing piece of software 
> from copyleft to permissive style license; that requires getting all previous 
> contributors on board and getting their explicit permission. However, if 
> anyone is working on a new project based solely on permissive style licenses, 
> the developer(s) are free to also release their new project in a permissive 
> style license. I hope I did not digress.

No, you did not. This is a fair and probably the crucial point when discussing 
a license change: How can you get agreement from all relevant contributors? 
There are two hurdles in that process: a) getting everybody to agree that 
License X is the choice of the future, and then b) getting everybody down to 
the last person to sign off on it.

The limitations and the age of the (L)GPL are clearly showing. I agree with 
Martin that the technical intricacies usually get lost in legal assessments or 
courts. The difference between states and dynamic linking is also blurry. When 
I teach licensing, I teach intent: “You can use my code even in proprietary 
applications, but if you have modifications to my code, you should publish them 
under the same license.” This is very close to the understanding in the legal 
discussions, and disconnected from the technical details the nerds (me 
included) usually focus on. 

Best,

MIrko.

Re: Proposal: Allow REUSE compatible License Statements in License Policy

2020-01-14 Thread Mirko Boehm (KDE) 
Hi,

> On 13. Jan 2020, at 21:18, Johan Ouwerkerk  wrote:
> 
>> - current version of the draft: https://community.kde.org/Policies/ 
>> <https://community.kde.org/Policies/>
>> Licensing_Policy/Draft_SPDX_v2
>> 
> 
> One thing that is not entirely clear to me is what our position would
> be towards e.g. *.license files or DEP5 files as suggested by the
> REUSE spec.

My recommendation is to choose one. The more widely used and recommended option 
is SPDX. There is more tooling emerging around the SPDX format because of that. 
The REUSE specs give a choice, the focus is on “use a common, machine-readable 
format”. I suggest we use SPDX.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: SPDX License Headers (for KF6)

2019-11-25 Thread Mirko Boehm 
Hello,

Thanks, Andreas, for getting this important discussion started.

> On 24. Nov 2019, at 19:04, Andreas Cord-Landwehr  wrote:
> 
> ...
> 1. SPDX is the way to go for specifying license headers and we are joining 
> the 
> party already late.

We should not feel bad, we are not that late. However it is kick off this 
effort now to be ready for the new release. 
> 
> 2. We have to be very clear in our discussions about SPDX to distinguish 
> inbound licenses (the license a contributor assign to the code by adding a 
> license header) and outbound licenses (the license a library/application is 
> released with by KDE); inbound and outbound licenses can differ for a 
> framework, e.g. when not all source files have the same license, then the 
> more 
> restrictive license has to be chosen.
> 
> 3. Files should not mix two license headers. This means, the SPDX headers 
> shall be used to fully replace the existing license headers. However, by 
> doing 
> this, they must not change the meaning of any license header. By mixing it, 
> we 
> expect them to deviate at some time, which would lead to having inconsistent 
> licensing information in our sources.
> 
> 4. LGPL-2, LGPL-2.1, LGPL-3, LGPL-2-or-any-later, etc. licenses are straight 
> forward and can be directly be used from the SPDX list.

Agreed to all the points. One key goal should be to make the license statements 
machine readable and following the REUSE principles. I think the KDE community 
is generally doing well in this regard. We should however go through the REUSE 
specifications and make sure we tick all the boxes.

> 5. The next big question is: What do we do with the (L)GPL licenses that have 
> a "KDE e.V." exception?
> - In our license policy we name them "LGPL-2.1+3+KDEeV" (see  community.kde.org/Policies/Licensing_Policy#GPL_3.2BKDEeV 
> <http://community.kde.org/Policies/Licensing_Policy#GPL_3.2BKDEeV>>), yet the 
> values we 
> are using there are not official SPDX markers.
> - During Akademy, I requested at the SPDX GibHub project such an official 
> marker 
> (<https://github.com/spdx/license-list-XML/issues/928 
> <https://github.com/spdx/license-list-XML/issues/928>>). Yet there were two 
> responses, which actually propose different solutions.
> - Today, we came to the point that we think the best next step is to request 
> a 
> clarification from OSI how to name the license, which we are describing in 
> our 
> license headers (i.e. with the KDEeV-exception). Essentially, we would name 
> the license "LGPL-2.1-or-later-or-KDE", but would ask OSI to confirm before 
> we 
> bring this topic back to SPDX.
> 
> Do you have any comments, amendments or even rejections to this approach?
> Or shall we simply proceed?

Again, “machine readable”. Getting a proper SPDX identifier for our policy is 
the right approach. The alternative of using a combined SPDX expression may be 
correct, but it looses the details of our own policy. I support the suggested 
approach.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: 4th global climate strike - should KDE take action?

2019-11-04 Thread Mirko Boehm 
Hello!

> On 4. Nov 2019, at 16:00, Christoph Cullmann  wrote:
> 
> I will just CC the e.V. list with this mail, perhaps somebody is interested 
> there.
> 
> Given I am more inclined to not take part in such "political"
> actions not actually software development related,
> I will not step up to request some vote for this.

I think the usual KDE approach is to have a discussion and let the contributors 
decide for themselves what the right course of action for them is. 

It would be worthwhile to think about making “sustainable computing” a KDE goal 
(as in “the desktop should be as energy-efficient as possible”, for example). 
That would have a concrete impact on the community. See here, too: 
https://sustainabledevelopment.un.org/sdg12 
<https://sustainabledevelopment.un.org/sdg12>

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Facebook's KDE Connector integration app

2019-04-17 Thread Mirko Boehm 
Hi,

> On 16. Apr 2019, at 22:58, Artur Souza  wrote:
> 
> Only real people can own apps or pages. One solution is to create a
> business named KDE and then put all assets under that business (the
> app, the page, etc).
> https://www.facebook.com/business/help/1710077379203657?helpref=faq_content 
> <https://www.facebook.com/business/help/1710077379203657?helpref=faq_content>
Or use KDE e.V. for that. Since it is a legal entity, it is equivalent to a 
business.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: FOSS-North 2019

2019-03-26 Thread Mirko Boehm 
Hello,

> On 26. Mar 2019, at 12:28, Adriaan de Groot  wrote:
> 
> Reminders, FOSS-North is coming up, april 7-8-9.
>   https://foss-north.se/2019/ <https://foss-north.se/2019/>
> 
> You can come for the community day (7th) and talk about KDE stuff and CMake 
> stuff and C++ stuff with bits of the KDE community and the Gothenburg C++ 
> group; you can come for the conference (8th and 9th) and see a whole bunch of 
> fascinating speakers (ticket required). There will be a KDE booth at the 
> conference if you just want to chat with me :)


I will be there from Sunday to Tuesday. Looking forward to seeing the KDE crowd 
there.

Best,

Mirko.

-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Licensing policy change proposal

2019-01-28 Thread Mirko Boehm (KDE) 
Hi,

sorry, but this email contains a lot of assertions that cannot stand.

> On 28. Jan 2019, at 14:28, Krešimir Čohar  wrote:
> 
> >It violates the Open Source definition, especially the rule against 
> >discrimination against use or user. This has been a long-time yardstick for 
> >the KDE community.
> There isn't any discrimination? As long as the operators of the website are 
> being truthful, no one's rights have been violated without consent seeing as 
> they were waived voluntarily. Also, if I'm not mistaken, open source =/= free 
> and open source.

FOSS licenses need to work transitively. We as a community distribute so that 
other can freely use and redistribute. Any restrictions against certain types 
of use undermine that. That is why the Open Source Definition disapproves any 
such restrictions.

> >There is. We cannot prove that we have explicit permission from the author 
> >to use or distribute the work. We also have no way of tracking that who 
> >submits the work to our channels has the right to do so. The idea of “public 
> >domain” only really works for works where copyright has expired.
> 
> Several specious arguments here.
> First, while it is hardly impossible to acquire proof that the authors' 
> rights have been waived, I would surmise that it is rarely done.

Not the point. That is like arguing you can speed if you don't get caught.

> In addition, if the operators of the website are, again, being truthful, they 
> are the copyright holders and there is simply no need to ask anything of the 
> original authors.

The creators of the work are the authors and give the license, not the web site 
operators. Unless that is the same person. You get the idea. 

> Second, no way of tracking if the person submitting the work has the right to 
> do so? Isn't that covered in the license itself? Or are you just saying that 
> we simply don't know if they're lying?

That argument was specifically for public domain works. If a work comes without 
information about the copyright holder, how can we know if we can use it? Who 
gives the public domain dedication? How can you prove it? What if the author 
changes their mind? …

> Third, I wholeheartedly disagree. Not only does the public domain cover 
> intellectual properties the rights to which have been waived (in addition to 
> property whose copyright has expired), it also covers a variety of other 
> situations, see more here: https://www.bitlaw.com/copyright/unprotected.html 
> <https://www.bitlaw.com/copyright/unprotected.html>
So much confusion. This web site speaks about US copyright law, where public 
domain dedications exist. Our responsible legal body is in Germany.

> A great example of this are movies, television series, books with the same 
> name because titles, names etc. don't receive copyright protection (and are 
> hence public domain).

There is a difference between something not being creative enough to be 
separately copyrighted and something being public domain. From one does not 
follow the other. If we need to discuss this, there are a couple of 
knowledgeable people on this list. However I think it gets us nowhere and we 
are not the right forum for it.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Licensing policy change proposal

2019-01-28 Thread Mirko Boehm (KDE) 
Hello,

> On 28. Jan 2019, at 13:23, Krešimir Čohar  wrote:
> 
> I don't think there are any problems with using public domain images, and 
> even if there were I'd rather view them as challenges to overcome than 
> obstacles to avoid.

This is not necessarily a question of what we think. This is a question of what 
we as a community can and should distribute. For that, we need at least 
explicit permission from the author, as in a FOSS license. There has been a 
very long debate on the use of public domain works in FOSS, and the summary 
AFAIK is “it is complicated” and “it depends on the jurisdiction”. A great 
summary can be found here: https://opensource.org/node/878: 
<https://opensource.org/node/878:> "an open source user or developer cannot 
safely include public domain source code in a project."  

> 
> > These are both non-free licences and we can not ship files which can
> only be copied with their restrictions.
> 
> Why not? As far as Unsplash goes, their only restriction is not to start a 
> competing service, which is not even remotely what we are trying to do. 
> Surely that is a reasonable and acceptable restriction. It's not unlike the 
> copyleft restrictions ("freedoms") of the GPL.

Because we are a free software community.

I think we need to untangle the discussion:

The Unsplash license looks like a FOSS license to me.
The Pexel license is clearly not a free software license as it comes with other 
restrictions.
The CC0 and other public domain licenses bring in complexity without a clear 
benefit.

Cheers,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Licensing policy change proposal

2019-01-28 Thread Mirko Boehm 
Hi,

> On 28. Jan 2019, at 13:23, Krešimir Čohar  wrote:
> 
> I don't think there are any problems with using public domain images, and 
> even if there were I'd rather view them as challenges to overcome than 
> obstacles to avoid.

There is. We cannot prove that we have explicit permission from the author to 
use or distribute the work. We also have no way of tracking that who submits 
the work to our channels has the right to do so. The idea of “public domain” 
only really works for works where copyright has expired.

> > These are both non-free licences and we can not ship files which can
> only be copied with their restrictions.
> 
> Why not? As far as Unsplash goes, their only restriction is not to start a 
> competing service, which is not even remotely what we are trying to do. 
> Surely that is a reasonable and acceptable restriction. It's not unlike the 
> copyleft restrictions ("freedoms") of the GPL.

It violates the Open Source definition, especially the rule against 
discrimination against use or user. This has been a long-time yardstick for the 
KDE community.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Licensing policy change proposal

2019-01-27 Thread Mirko Boehm 
Hello,

> On 27. Jan 2019, at 19:39, Ivan Čukić  wrote:
> 
> Since all of these mostly boil down to CC0, I'll only comment on it.
> 
>>> https://spdx.org/licenses/CC0-1.0.html 
>>> <https://spdx.org/licenses/CC0-1.0.html>
>> 
>> CC0 should be uncontroversial, it should be definitely allowed by our
>> license policy.
> 
> If I'm not mistaken, none of the licenses we allow at the moment is a "public 
> domain"-like license - in the sense that the author information is not 
> preserved.
> 
> I'm generally leaning against licenses like these - even if authors (of code, 
> of art, etc.) allow us to forget them, I like giving credit where credit's 
> due.


I need to point out that CC0 licenses are problematic in many jurisdictions, as 
there is no simple way to dedicate a work to the public domain. The correct way 
in for example France or Germany would be to use a permissive FOSS license. Let 
us avoid the mine field of public domain.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Coming to FOSS-North?

2019-01-17 Thread Mirko Boehm 
Hello,

> On 10. Jan 2019, at 12:35, Adriaan de Groot  wrote:
> 
> Since it's the beginning of the year, let's plan out some events! At the 
> beginning of april there's FOSS-North, in the beautiful [1] city of 
> Gothenburg. Last year KDE had a booth at the conference, and I gave a talk on 
> KDE governance. This year, we can have -- if we plan something -- a community 
> day for hacking, and then the conference too. Conference site [2] and my 
> bloggy bits from last year [3] are online.
> 
> A community day would be a great opportunity to bring KDE / Qt people from 
> the 
> nordic bits of the world together -- as well as anyone else who's in the 
> neighbourhood.
> 
> Please ping me if you're going to be nearby, or might be. A community day 
> could include, say, work on CMake frameworks (I know I've seen a lot of ugly 
> stuff recently), or doing some VDG-style work on bits and pieces, or straight 
> up C++-hacking-with-modern-Qt-slots which needs a little practice with modern 
> C++ methods.

I will attend FOSS-North. But only briefly because the legal and licensing 
workshop starts right after it in Barcelona. I will try to arrive in time for 
the community day (April 7). Maybe there is a chance for dinner.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Nominate key KDE frameworks and packages for inclusion in the OIN Linux System Definition

2018-08-30 Thread Mirko Boehm 
Hi,

> On 30. Aug 2018, at 05:46, Adriaan de Groot  wrote:
> 
> On Wednesday, 29 August 2018 18:53:39 CEST Mirko Boehm wrote:
>> KDE software is covered in the definition, but not in the latest version.
>> KDE 3 and 4 packages are included.
> 
> Does any mainstream distro still ship any KDE3 stuff? Does any mainstream
> distro still ship any KDE4 stuff? (FWIW, I've just added deprecation notices
> to all the KDE4 packages on FreeBSD, thinking we were the last to get rid of
> it).

Nothing ever gets removed from the LSD. I think we do have the latest KDE 3 
package versions, but it would not hurt to have a look. Same for KDE 4.

>> I would like to see the KDE frameworks
>> and key shared libraries included. The system definition includes reusable
>> components, applications (“leafs” of the dependency tree) are usually not
>> included. The Linux System is updated every 18-24 months. We just finished
>> one round of updates, so now is a good time to think about nominating
>> updates to the latest versions of “legacy" KDE packages, and nominating new
>> packages for inclusion.
> 
> Sure, I'd be up for that -- I see Cornelius is, too. We could try wrangling
> the frameworks in, as well as updating KDE4 bits if needed; 17.08.3 was the
> very last update of that stack, we could check if it's in the LSD.

Good to have you two on this.

Best,

Mirko.
--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Nominate key KDE frameworks and packages for inclusion in the OIN Linux System Definition

2018-08-29 Thread Mirko Boehm 
Hello,

if you were at Akademy, you heard me present about the Open Invention 
Network (OIN) [1], one of the community sponsors of our conference. OIN is a 
royalty-free patent pool that creates a patent-non-aggression zone for free 
software by building a massive cross-licensing network. What software is 
covered by this cross-license agreement is defined in the OIN Linux System 
Definition (the details are all public on our web site, see below). I manage 
the process of maintaining and updating the Linux System Definition for OIN.

KDE software is covered in the definition, but not in the latest version. KDE 3 
and 4 packages are included. I would like to see the KDE frameworks and key 
shared libraries included. The system definition includes reusable components, 
applications (“leafs” of the dependency tree) are usually not included. The 
Linux System is updated every 18-24 months. We just finished one round of 
updates, so now is a good time to think about nominating updates to the latest 
versions of “legacy" KDE packages, and nominating new packages for inclusion.

I am looking for somebody in the community to act as a “champion” for these 
nominations. Since I am involved in the review process in a stewardship role, I 
cannot also act as the nominator. The job entails working with the community to 
select the packages, put them all together in a spreadsheet, and then working 
with the OIN tech committee until the nomination is accepted. This needs to be 
completed by roughly mid 2019.

Who wants to work with me on that?

Best,

Mirko.
[1] https://www.openinventionnetwork.com/ 
<https://www.openinventionnetwork.com/>
--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Re: FOSS-North

2018-03-01 Thread Mirko Boehm (KDE) 
Hi,

> On 1. Mar 2018, at 15:03, Adriaan de Groot <gr...@kde.org> wrote:
> 
> While it's -8 in the Netherlands and the whole country hardly knows what to
> do, I'd like to point out it's warmer in Sweden.
> 
> There's a one-day conference, FOSS-North, to be held late april.
> 
>   http://foss-north.se/2018/ <http://foss-north.se/2018/>
> 
> The CfP is still open, so we could send in one or more talks about .. stuff.
> 
> I was also approached if KDE (and GNOME) want / can staff a booth at the
> conference, where we could demo .. stuff. Whatever. Experiment with
> merchandise. Show off more Plasma 5.12 LTS improvements. Play with
> electronics.
> 
> Would anyone (other than me) be interested in submitting a talk / helping with
> a booth? (I would also use this conference as an excuse to give Sune back his
> blue KDE tablecloth)
> 
> Unfortunately, both the PIM and Plasma sprints are that same weekend, so we're
> missing a bunch of potentially interesting speakers.

FOSS-North is definitely a cool conference with its own kind of scandinavian 
crowd. I spoke there once. I cannot go this year as it is right after the legal 
and licensing workshop, and we are hosting the Plasma sprint in our office in 
Berlin :-) However I would encourage submissions and, especially if there are 
interested local people, a booth.

Cheers,

Mirko.
--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Re: Invitation to join FOSS Backstage 2018

2018-02-22 Thread Mirko Boehm 
Hi!

> On 22. Feb 2018, at 12:20, Paul Brown <paul.br...@kde.org> wrote:
> 
> On Thursday, 22 February 2018 12:00:01 CET Adriaan de Groot wrote:
>> On Friday, February 9, 2018 3:33:24 PM EST Agnes Ratajczyk wrote:
>>> Dear KDE-Team,
>>> 
>>> I'd like to invite you to join us for the first FOSS Backstage
>>> <https://foss-backstage.de/ <https://foss-backstage.de/>> conference on 
>>> June 13&14 in Berlin. It will
>>> take place directly after Berlin Buzzwords <https://berlinbuzzwords.de/ 
>>> <https://berlinbuzzwords.de/>>
>>> and is dedicated to everything related to *Free and Open Source Software
>>> governance and open collaboration*.
>> 
>> It's an interesting)-ish) conference, though not really technical
> 
> This should not put us off, Adriaan. We are explicitly looking for non-
> technical events, even not specifically FLOSS events, where we can go and seek
> more users.

Yes, maybe. If we have relevant issues to share this will be a good conference 
for it. It is about governance and compliance, I am sure we have something to 
present. How about talking about the manifesto and our code of conduct, 
community principles. Any takers?

I have submitted presentations about compliance tooling and OIN. Hope to see 
you at the event :-)

Mirko.
--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Re: Goal: Improve Plasma Mobile platform for end-user needs

2017-09-06 Thread Mirko Boehm 
Hi,

> On 6. Sep 2017, at 11:04, Agustin Benito (toscalix)  wrote:
> 
> what aboutextending the goal to embedded devices assuming mobile and
> embedded are not much different?

They are: mobile devices are end-user focused. Embedded devices are 
developer/manufacturer focused.

Cheers,

Mirko.


signature.asc
Description: Message signed with OpenPGP

Re: Survey for prioritization of requirements for an IM/chat solution for KDE

2017-08-18 Thread Mirko Boehm (KDE) 
Hi,

> On 18. Aug 2017, at 02:11, Thomas Pfeiffer <thomas.pfeif...@kde.org> wrote:
> 
> I've finally managed to enter all of our proposed requirements for a KDE-wide 
> primary IM/chat solution into a tool for creating Kano surveys:
> 
> http://www.kanosurvey.com/?id=3959 <http://www.kanosurvey.com/?id=3959>
> 
> The Kano model [1] categorizes features not just in "must have" and "nice to 
> have" but into five categories along two dimensions.
> This results in a more holistic view on the requirements, at the expense of 
> making the survey quite long because participants have to rate each feature 
> on 
> two dimensions.

I walked through the questionnaire and filled it in. Looks good overall.

Here are some comments:
It may make sense to split the "FOSS clients available for desktop (at least 
Linux/BSD + Windows) as well as mobile” into 3 for Linux, Windows and mobile. I 
personally care for Linux, OSX and mobile, and not in the least for Windows, so 
this was difficult to answer.
"Client has low resource usage (so most likely no web or electron apps)” 
combines two things that are initially unrelated. Of course I want low resource 
usage, but I also want a web app for platforms where no native clients are 
available.

It did not take very long to fill in the survey. 

Thanks!

Mirko.
-- 
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm

Re: Telemetry Policy

2017-08-17 Thread Mirko Boehm - KDE 
Hi,

> On 17. Aug 2017, at 01:46, Thomas Pfeiffer <thomas.pfeif...@kde.org> wrote:
> 
> Hi Valorie,
> Even if opt-out for some data is legally and even morally fine, it does not
> align with the values we communicate to our users:
> Unlike Mozilla's Mission, our Vision mentions privacy explicitly, and we're
> striving to make privacy our USP.

We seem to assume a contradiction between telemetry and privacy. I believe this 
is a knee-jerk reaction. We can implement telemetry in a way that privacy is 
not violated. In fact, I would say that it follows from our vision that we 
should do this.

Cheers,

Mirko.
--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Re: Collecting requirements for a KDE-wide instant messaging solution (was: Re: radical proposal: move IRC to Rocket.Chat)

2017-08-16 Thread Mirko Boehm - KDE 
Hi Thomas,

thanks for this issue forward with a rather constructive approach!

> On 16. Aug 2017, at 03:20, Thomas Pfeiffer <thomas.pfeif...@kde.org> wrote:
> 
> I have now cleaned up  https://notes.kde.org/p/KDE_IM_requirements 
> <https://notes.kde.org/p/KDE_IM_requirements> by removing
> duplicates, removing all discussion / comments (so only plain requirements are
> left) and rewording most requirements to that they have a somewhat common
> wording.
> 
> The next step will be to turn this into a Kano survey which will be used to
> prioritize them (will do that tomorrow).


I think this is exactly what is needed. The requirements collected right now 
are a superset of anything anyone could ever wish for. I am really interested 
in seeing them prioritised and the bottom 20% of them scrapped :-)

Best,

Mirko.
--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Re: Telemetry Policy

2017-08-16 Thread Mirko Boehm - KDE 
Hi,

before this gets completely out of hand: The cited German data protection 
regulations are often misunderstood, even by people that pose as experts. They 
are also often (mis-)used as killer arguments to support political or personal 
opinions. If we start collecting telemetry data, we should get an assessment by 
a lawyer (!) that the way we handle the data is correct. However, it can 
certainly be done correctly and in a way that protects individual privacy and 
supports the improvement of our software.

Technical argument: If IP addresses are a concern, would it be an option to run 
them through a one-way hash function on the client side before submitting the 
data?

Best,

Mirko.

On Wed, Aug 16, 2017 at 11:08 AM Volker Krause <vkra...@kde.org 
<mailto:vkra...@kde.org>> wrote:
On Wednesday, 16 August 2017 10:21:11 CEST Ben Cooksley wrote:
> On Mon, Aug 14, 2017 at 11:40 PM, Volker Krause <vkra...@kde.org 
> <mailto:vkra...@kde.org>> wrote:
> > I agree on the proposed wording changes, so focusing on your technical
> > points below.
> >
> > On Monday, 14 August 2017 11:53:17 CEST Ben Cooksley wrote:
> >> I've got two technical notes here:
> >>
> >> 1) All products should fetch details on where to submit telemetry data
> >> from an online configuration file similar to
> >> https://autoconfig.kde.org/ocs/providers.xml 
> >> <https://autoconfig.kde.org/ocs/providers.xml>
> >>
> >> This would give us the capacity to version the telemetry server api,
> >> and potentially even "kill" telemetry submissions from older
> >> application versions if needed.
> >>
> >> 2) No software product should use the QNetworkAccessManager family of
> >> classes due to known defects in it's operation within some versions of
> >> Qt which cause infrastructure problems.
> >
> > The current implementation uses QNAM, but actually has code to handle HTTP
> > redirects correctly (with unit test coverage), I assume that's the issue
> > you are referring to? This also has been tested all the way back to Qt4.8
> > as part of the existing deployment in GammaRay.
>
> That's one of the considerations yes. I'm hopeful that nothing else in
> it will be found to be broken behaviour wise but have much more faith
> in KIO here.
>
> > I don't mind adding the extra indirection with the configuration file,
> > although just from the XML I don't see yet what that would provide beyond
> > HTTP redirects. Are there certain information (e.g. the app version)
> > passed already as part of the request for the configuration file? Or can
> > there be conditional aspects not currently present in the above example?
>
> The extra indirection is basically to give us the option to shift the
> endpoint elsewhere at some point without having to keep the old one
> alive even as a redirect.

Isn't that just shifting the requirement for the "stable" endpoint to the
configuration one? But if that's easier we can of course add that. Are there
any formats/standards you have in mind for this, or any parameters the GET
request should contain?

> I'm also concerned that we could potentially run into issues if the
> system doesn't do any GET requests. From what I recall unless the
> server and client support a specific RFC then redirecting POST
> requests isn't something one can rely on here (your code might handle
> this properly, I certainly wouldn't trust QNAM to do so given their
> stance on optional behaviour in HTTP RFCs)

Correct, QNAM doesn't support POST redirects itself. But since we deal with
redirects ourselves anyway, that's not really an issue. On the server I
haven't run into issues yet, even the super primitive HTTP test server built
into PHP can handle it. POST redirects aren't particularly elegant though, as
you are sending the payload multiple times. So the extra GET might be a better
solution anyway.

Regards,
Volker


--
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



signature.asc
Description: Message signed with OpenPGP

Re: We now have an Advisory Board

2016-10-03 Thread Mirko Boehm - KDE 
Hello!

> On 2 Oct 2016, at 17:26, Thiago Macieira <thi...@kde.org> wrote:
> 
>> Feel free to talk to them about the possibility and get them in touch
>> with the board (or with any of us if it feels more adequate).
> 
> The LF is a non-profit.


A nit-pick - the LF is a trade association, not a non-profit/not-for-profit 
entity. Eben Moglen wrote about why this matters here: 
https://www.softwarefreedom.org/blog/2016/apr/11/lf/ 
<https://www.softwarefreedom.org/blog/2016/apr/11/lf/>

In our case, I do believe that this makes the LF an even better candidate to 
invite to the advisory board.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm

Re: [kde-community] Results from the Mission Survey

2016-07-29 Thread Mirko Boehm - KDE 
Hello Thomas, 

> On 29 Jul 2016, at 01:04, Thomas Pfeiffer <thomas.pfeif...@kde.org> wrote:
> 
> I'm sorry for taking so long with the survey analysis (analysis and 
> documentation of survey results always end up taking longer than expected), 
> but now finally I've prepared a presentation of the results of the first 
> round of analysis of the survey I did for input on KDE's Mission statement.
> This is just plain results, no interpretation.
> I said "first round" because I'm ready to do perform further analyses if 
> these results leave important questions open (if they can be answered from 
> the data, of course).
> If you'd like me to dig deeper somewhere, feel free to tell me!

Excellent work, thanks. And there are some interesting insights already. 
Besides minor differences, contributor and user interests are pretty much 
aligned, for example. Or that we are good at retaining long-term contributors.

> If anybody would like to get the raw data to do their own analyses, that's of 
> course possible as well.

I would definitely be interested in the raw numbers. How can I access them?

> With this, I leave you to the graphs and numbers, hoping that the results 
> will help us make confident decisions about our Mission statement (I think 
> they do).

Thanks, all the best, 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] A new home for Mozilla Thunderbird at KDE?

2016-04-26 Thread Mirko Boehm - KDE 

> On 26 Apr 2016, at 19:54, Boudhayan Gupta <bgu...@kde.org> wrote:
> 
>> There's also the problem that Thunderbird is a massive codebase with
>> few people working on it, and built on technology that's predictably
>> legacy (Gecko will ultimately die in favor of Servo; also nobody at
>> Mozilla seems to like XPCOM or god forbid XUL for years now). These
>> pose significant hurdles to the Thunderbird project I'm not convinced
>> it can scale, even with our help.
>> 
>> Incubator, yes. Project cemetary, no. I think cost/benefit and outlook
>> say 'no' here.
> 
> I'm going to second Eike here. My gut feeling says Thunderbird is
> going to go the way of Apache OpenOffice, and we'd just be a graveyard
> for it, not an incubator.

+1. -1 for adopting Thunderbird. 

Unless a large group of contributors show up spontaneously that is really 
enthusiastic about working on it. 

Cheers, 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] user stats for Neon

2016-04-14 Thread Mirko Boehm - KDE 
Hi!

> On 14 Apr 2016, at 15:16, Jonathan Riddell <j...@jriddell.org> wrote:
> 
> A while ago Albert gave a talk at Akademy about collecting some data
> on our users.  This got me thinking and with Neon I wanted to see how
> many installs we had.  Our package install software will check for new
> versions being available and I could count the IPs of this check but
> that's very unreliable.  Canonical counts IPs from the NTP ping at
> boot up but of course it's only useful at best as a relative metric of
> numbers of installs not absolute numbers.  So I added a machine-id to
> the URL it checks which is the unique value set at install time by
> systemd (/etc/machine-id) so now it has a good idea of being able to
> count the number of installs.
> 
> But KDE cares about privacy and it's in our Vision and I don't want to
> be accused of violating that.  But currently I can't see how this can
> violate users privacy any more than an IP address can so I'm curious
> to hear what arguments might come up against this.

I believe that as long as we are transparent about it, this should be fine. 
Maybe, just maybe, there could be a way to turn it of for very 
privacy-sensitive users.

Cheers, 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] Have repo maintainers opt-in for github mirroring (was: Re: Official KDE mirror on github)

2015-09-22 Thread Mirko Boehm 
Hi, 

> On 19 Sep 2015, at 15:48, Ivan Čukić <ivan.cu...@kde.org> wrote:
> 
>> I've made a wiki page, which says how to turn a pull request into
>> a reviewboard submission.
>> https://techbase.kde.org/Development/GithubMirror
> 
> The next time I see you, you are getting a hug and a pint of apple fritter.

I have been hoping for this more or less through the whole discussion. What 
contributors coming in through Github need is some (ideally scripted) setup of 
their remotes that let’s them easily submit review requests after cloning from 
Github. This cannot be that hard with Git. 

David, you rock. 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] Official KDE mirror on github

2015-09-16 Thread Mirko Boehm 
Hehe, 

> On 16 Sep 2015, at 14:57, David Edmundson <da...@davidedmundson.co.uk> wrote:
> 
> I am great.
> 
> https://github.com/kde <https://github.com/kde> is now ours.

Nice work, David. 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] Phabricator: Make it happen already!

2015-08-27 Thread Mirko Boehm 
+1! Yay!

 On 27 Aug 2015, at 17:00, David Edmundson da...@davidedmundson.co.uk wrote:
 
 Same here. The Plasma team is in the process of migrating to phaaab!
 already.
 
 To clarify, the mobile only stuff is currently in there for trial.
 The rest is pending.

-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] Evolving KDE - survey results

2015-07-23 Thread Mirko Boehm 
Hi, 

 On 22 Jul 2015, at 18:25, Lydia Pintscher ly...@kde.org wrote:
 
 Earlier this year we started Evolving KDE in order to reflect on where
 we as a community stand and where we want to go. The first step was a
 survey. The results of this survey are now in. The evaluation and the
 recommendations based on the findings of the survey are attached.
 We will be discussing them at the General Assembly of KDE e.V. this
 Friday and I will talk more in detail about it in my keynote on
 Sunday. There will be a BoF for discussions on Monday next week. For
 everyone who can't attend Akademy I'll be writing more after Akademy.

Thanks for summarising the results. As others have written, the level of 
abstraction is way to high to conclude anything tangible from the results. I 
think it is necessary and expected from a transparent open source community to 
publish the raw anonymised data. Also I think that if our sample of responses 
is a total of 200, that in itself should be a reason to worry and to interpret 
the results with a grain of salt. 

 Thank you to everyone who took part in the survey and provided their
 input. This is an important step.

Thanks for setting up this process of feedback. I did take part in the survey. 
I would like to point out that I found the questions to be very much generic, 
and it felt like the survey was over before it really began. With that in mind, 
I don’t think it is a sufficient foundation to decide the future objectives of 
the community on.

Best, 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] KDE office (was: Your KDE highlight of 2014?)

2014-12-29 Thread Mirko Boehm 
Hi, 

 On 28 Dec 2014, at 09:21, Aaron J. Seigo ase...@kde.org wrote:
 
 On Thursday, December 25, 2014 00.15:25 Jonathan Riddell wrote:
 Um, what? You don't want KDE to work on KDE project together and call
 it KDE?
 
 Call the result KDE software, call your efforts part of KDE, but putting 
 KDE 
 on an office door and calling it a KDE office creates a level of 
 responsibility on behalf of KDE and anything that may happen in that office 
 reflect on KDE. If there is some process for setting up such a space such 
 that 
 it meets the shared principles of KDE and is managed in a responsible 
 fashion, 
 then it can work. Random people randomly setting up physical spaces that are 
 KDE is simply risky.
 
 You may be fine with that. I would caution against it.

I would not put too much worry into this. Having too many people that are 
over-eager to build and expand our community and it’s presence is probably the 
least of our worries. If a significant portion of commits are coming from that 
room, why wouldn’t it be a KDE office? :-) 

Happy holidays, 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist
Request a meeting: https://doodle.com/mirkoboehm



___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] Berlin - Brno road trip

2014-06-18 Thread Mirko Boehm 
Hey Patrick, 

On 18 Jun 2014, at 11:00, Patrick Spendrin patrick_spend...@gmx.de wrote:

 If everybody is ok with that, I can go get those tickets at the
 counter (and you reimburse me later via bank transfer).
 If somebody else wants to take part, please speak up soon!

great idea. Yes please. I have a Bahncard 50. 

Cheers, 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist and Trainer

___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] Berlin - Brno road trip

2014-06-11 Thread Mirko Boehm 
Good morning, 

On 11 Jun 2014, at 08:07, Volker Krause vkra...@kde.org wrote:

 those of you who plan to go to ackademy ‎this year and wants to go by train
 from berlin, please raise your hand. There is apparently at least 4 of us
 who also need to attend the general assembly. What about sharing the trip? 
 
 Interested are at least :
 Lydia 
 Andreas 
 Patrick (from Dresden) 
 Me
 
 Count me in as well, I'm also attending the general assembly.

Please count me in as well. Looking forward to it. 

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellow, FSFE Team Germany
Qt Certified Specialist and Trainer

___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community

Re: [kde-community] KDE Manifesto Revision (round 2)

2013-11-24 Thread Mirko Boehm 
On 24 Nov 2013, at 11:17, Marta Rybczynska rybczyn...@gmail.com wrote:

 Just a doubt about two lines:
 Licensing policy must be respected.
 branding guidelines are respected.

+1. 

Is the Increase your market visibility” still in, under “Benefits”? If so, I 
suggest that to be changed to simply Increase your visibility”. We aren’t 
catering to a market only, but to users in general. Having “market” in there 
unnecessarily limits what the benefit is, and also just mans repeating what the 
business drones say :-) 

Cheers, 

Mirko.


___
kde-community mailing list
kde-community@kde.org
https://mail.kde.org/mailman/listinfo/kde-community