Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/2017/2017-04-23-19:01_trustees-2017-04.log.txt
diff options
context:
space:
mode:
Diffstat (limited to '2017/2017-04-23-19:01_trustees-2017-04.log.txt')
-rw-r--r--2017/2017-04-23-19:01_trustees-2017-04.log.txt247
1 files changed, 247 insertions, 0 deletions
diff --git a/2017/2017-04-23-19:01_trustees-2017-04.log.txt b/2017/2017-04-23-19:01_trustees-2017-04.log.txt
new file mode 100644
index 0000000..2603b8e
--- /dev/null
+++ b/2017/2017-04-23-19:01_trustees-2017-04.log.txt
@@ -0,0 +1,247 @@
+[19:01:31] Meeting started by prometheanfire
+[19:01:47] Meeting chairs are: dabbott, robbat2, swift, antarus, prometheanfire,
+[19:02:01] <prometheanfire> .topic roll call
+[19:02:11] Current subject: roll call, (set by prometheanfire)
+[19:02:32] <prometheanfire> robbat2: SwifT dabbott antarus ping
+[19:02:36] <SwifT> pong
+[19:02:39] <antarus> here
+[19:02:41] <dabbott> here
+[19:02:42] <robbat2> here
+[19:03:02] <prometheanfire> cool, all here
+[19:03:21] <prometheanfire> dabbott: logging the meeting?
+[19:03:28] <dabbott> yes
+[19:03:41] <prometheanfire> next activity tracker task is in july
+[19:04:08] Current subject: how are we doing on the mailing address change?, (set by prometheanfire)
+[19:04:19] LINK: https://bugs.gentoo.org/show_bug.cgi?id=613950 [613950 – Change of Mailing Address: tracker bug]
+[19:04:30] <robbat2> about halfway on the list of bugs
+[19:04:49] <robbat2> a bunch of them need bank records to show a paper trail
+[19:04:56] <prometheanfire> ah
+[19:05:09] <robbat2> since we have no other bills that come in
+[19:05:44] <prometheanfire> ok, next
+[19:05:55] <prometheanfire> no update on irs, waiting on bank
+[19:05:59] <dabbott> paypal may be a problem, I'm afraid to do anything there, they have my name and address I think
+[19:06:18] <robbat2> we need bank statements for the paypal one anyway
+[19:06:18] <prometheanfire> speaking of bank
+[19:06:37] Current subject: getting control of the bank, (set by prometheanfire)
+[19:06:53] <prometheanfire> dabbott: mind updating the others on your progress?
+[19:07:15] <dabbott> When I talked to them on friday they just need to do the change afaik
+[19:07:37] <prometheanfire> which is amazing to me :D
+[19:07:43] <prometheanfire> so hopefully end of week there
+[19:07:44] <dabbott> did not say there was any problem, no one has looked at the documents as yet
+[19:08:23] <dabbott> they know who I am summers had added me to the account just not followed through setting it up
+[19:09:01] <dabbott> i could have sent them a sig and been approved if he would have done it
+[19:09:01] <prometheanfire> cool, next?
+[19:09:46] Current subject: insurance updates, (set by prometheanfire)
+[19:09:54] LINK: https://bugs.gentoo.org/show_bug.cgi?id=592198 [592198 – D&O insurance]
+[19:10:17] <prometheanfire> I've sent out one of the two proposals (the other is in underwriting)
+[19:10:53] <prometheanfire> the one we have to review is not for D&O though
+[19:11:05] <prometheanfire> the D&O one is in underwriting
+[19:11:41] <prometheanfire> anyone review it?
+[19:12:31] <dabbott> personaly I could care less, if the rest of the board wants it its fine by me
+[19:13:03] <prometheanfire> I'm kinda in the same place on this one, it could be a nice to have, but I'm not sure if we should pursue it
+[19:13:18] <antarus> same here
+[19:13:28] <robbat2> yeah, i want to wait for the D&O response
+[19:13:34] <robbat2> to figure out where it stands on the budget line
+[19:13:57] <prometheanfire> k
+[19:14:00] <robbat2> most of it is irrelevant to us
+[19:14:06] <prometheanfire> tabling it for now then
+[19:14:29] <dabbott> sounds good
+[19:14:30] <prometheanfire> alicef: pre-ping
+[19:14:35] Current subject: Do we need date of birth in developer apps, (set by prometheanfire)
+[19:14:55] <prometheanfire> I sent out my proposed email and got slaped down
+[19:15:15] <prometheanfire> so, if anyone wants to try again...
+[19:16:35] <robbat2> can we side-step it entirely then, and just have some statement:
+[19:16:52] <robbat2> by joining, you agree you are able to enter into contractual agreements
+[19:17:15] <prometheanfire> that sounds good to me
+[19:17:30] <NeddySeagoon> Thats too simple. Vhat abaut minors?
+[19:18:21] <robbat2> can you think of a simple way to include them in the above, without complicating it?
+[19:18:51] <NeddySeagoon> No.
+[19:20:12] <prometheanfire> ok, next?
+[19:20:21] <prometheanfire> or action?
+[19:20:43] <robbat2> ok, does leaving out minors really matter for this?
+[19:21:11] <robbat2> if they are a minor, and assert yes to the above, are we in the clear ourselves?
+[19:21:11] <NeddySeagoon> It would have excluded several devs.
+[19:21:20] <dabbott> just keep doing it the way we have been unless someone comes up with a better solution, if its not broke don't fix kind of thing
+[19:21:23] <SwifT> it isn't about having a simple statement imo; we need to inform developers (and aspiring developers) why we need some kind of information. As long as that isn't clear, the statements will be under continuous debate
+[19:21:36] <robbat2> if we have the statement, we can drop the DOB need
+[19:23:04] <robbat2> let's move on for the moment
+[19:23:07] <prometheanfire> k
+[19:23:08] <robbat2> alicef: reping
+[19:23:24] <prometheanfire> in the mean time
+[19:23:27] Current subject: open bugs, (set by prometheanfire)
+[19:23:35] LINK: https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&bug_status=VERIFIED&email2=trustees&emailassigned_to2=1&emailcc2=1&emailreporter2=1&emailtype2=substring&known_name=TrusteesOpenBugs&list_id=3290194&order=Last%20Changed&query_based_on=TrusteesOpenBugs&query_format=advanced&resolution=--- [Bug List: TrusteesOpenBugs]
+[19:24:35] <prometheanfire> there are a couple of updates
+[19:24:41] LINK: https://bugs.gentoo.org/show_bug.cgi?id=605336 [Bug Access Denied]
+[19:24:49] <robbat2> i see 3 things there to do: dilfridge filed his invoices, so I can reimburse him now
+[19:24:52] <prometheanfire> the invoices are submitted
+[19:25:26] <prometheanfire> ok, so robbat2 will do that
+[19:25:30] <prometheanfire> the other two?
+[19:25:32] <robbat2> bug 318841 is a license question, with implications of breaking the install media
+[19:25:35] <willikins> robbat2: https://bugs.gentoo.org/318841 "sys-kernel/linux-firmware incomplete LICENSE"; Gentoo Linux, New packages; IN_P; ulm:licenses
+[19:26:00] <robbat2> mostly that we are taking a stricter stance than upstream or debian on some firmware
+[19:26:41] <robbat2> when we put RESTRICT=bindist, the firmware will no longer be on the install media
+[19:27:23] <robbat2> should trustees override licenses team on this, based on what upstream does?
+[19:27:24] <prometheanfire> ya, not sure that's workable
+[19:28:43] <robbat2> (bug 531540 we can ignore, it only shows updated because of a change in the tracker bug)
+[19:28:46] <willikins> robbat2: https://bugs.gentoo.org/531540 "dev-libs/openssl: revise inclusion of elliptic curves with bindist USE flag"; Gentoo Linux, Current packages; CONF; aballier:base-system
+[19:29:24] <prometheanfire> ah, k
+[19:29:30] <ulm> hi
+[19:29:31] <robbat2> i just asked ulm to join re 318841
+[19:29:37] <dilfridge> hm?
+[19:29:38] <dilfridge> ah
+[19:29:53] <robbat2> per 318841, originally you were going to add just a license statement
+[19:30:00] <robbat2> but your recent comment said add RESTRICT=bindist too
+[19:30:09] <antarus> why doesn't upstream care?
+[19:30:13] <robbat2> would that not break any install media using the firmware
+[19:30:21] <ulm> RESTRICT=mirror too
+[19:30:25] <antarus> aren't they also distributin?
+[19:30:35] <robbat2> because catalyst wouldn't have it on the media?
+[19:30:45] <robbat2> upstream is distributing the firmware yes
+[19:31:25] <ulm> robbat2: some of the firmware blobs seem to come without any license at all
+[19:31:27] <antarus> why do we care when they don't?
+[19:31:47] <ulm> because without a license we cannot redistribute them
+[19:31:55] <antarus> (not saying we are wrong, but more so looking for their rationale)
+[19:32:04] <robbat2> why does our redistribution differ from upstream redistribution?
+[19:32:07] <antarus> what do they know that we don't :)
+[19:32:33] <ulm> then there are others that alledgedly are GPL licensed but their source is not available
+[19:32:52] <ulm> which has the same consequence, namely that it's not distributable
+[19:33:21] <mrueg> can we get a USE="proper-licensing" that fetches a different tarball which contains validated firmware?
+[19:33:33] <robbat2> ulm: if upstream redistributes it, and we also redistribute it; surely we have a lower risk profile than upstream?
+[19:33:58] <ulm> robbat2: upstream owns copyright so they can do what they want
+[19:34:14] <robbat2> upstream is the linux-firmware.git repo owner
+[19:34:17] <robbat2> not the creator of the firmware
+[19:34:27] <robbat2> https://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git
+[19:34:52] <antarus> yes, exactly
+[19:35:09] <ulm> so if the linux-firmware repo owner violates copyright, it follows that we're allowed to violate it too?
+[19:35:16] <antarus> no
+[19:35:33] <antarus> I want to understand if its by accident, on purpose, or if they have some other circumstance
+[19:35:38] <SwifT> have we reported the licensing problems to the linux-firmware.git project owner? if not, it might be a good idea to do so, perhaps they have more info on these things?
+[19:35:48] <ulm> SwifT: yes we have
+[19:35:53] <prometheanfire> response?
+[19:36:04] <robbat2> SwifT: yes, that's covered in the bug, gregkh took it very far up in the linux foundation, to no real resolution
+[19:36:12] <ulm> let me look up the history
+[19:36:27] <ulm> wasn't that in the bug?
+[19:36:37] <SwifT> if our main concern right now is to not break the installation media, is the only alternative (beyond ignoring the issue) to break up and only pull the correctly licensed firmware ?
+[19:36:43] <prometheanfire> I don't see it in the bug
+[19:37:10] <ulm> give me a minute
+[19:38:00] <ulm> ok, it was reported upstream in Feb. 2013
+[19:38:31] <robbat2> in the spirit of pragmatic solutions, keep the ' According to upstream, all of them should be redistributable.' statement, augment it to say that we disagree, but will continue to redistribute it for working install media
+[19:38:35] <ulm> and it went up to the Technical Advisory board of the Linux Foundation
+[19:38:50] <ulm> who tasked GregKH with it
+[19:39:03] <ulm> according to a mail from him in March 2013
+[19:39:14] <ulm> then we sent a reminder in May 2013
+[19:39:30] <ulm> and since then nothing seems to have happened
+[19:39:31] <antarus> I mean I see two arguments here, an ethical argument about following the law
+[19:39:38] <antarus> and an argument about legal exposure
+[19:40:08] <ulm> robbat2: I don't think we have a statement from upstream that all are distributable
+[19:40:59] <antarus> "This repository contains all these firmware images which have been
+[19:41:00] <antarus> extracted from older drivers, as well various new firmware images which
+[19:41:00] <antarus> we were never permitted to include in a GPL'd work, but which we _have_
+[19:41:01] <antarus> been permitted to redistribute under separate cover."
+[19:41:15] <ulm> the wording in the last version of that note is "Most likely, some of the images are not redistributable." and I believe that it accurately describes the situation
+[19:41:58] <mrueg> https://packages.debian.org/sid/firmware-misc-nonfree is that a stripped down version of the same?
+[19:42:00] <ulm> antarus: who is the "we" in "we have been permitted"?
+[19:42:35] <robbat2> ulm: their statement is implicit in that they are redistributing them
+[19:43:08] <antarus> I think my point is that from a legal perspective the risk of action seems low
+[19:43:11] <antarus> and the benefit high
+[19:43:54] <antarus> I'm less convinced on the social contract angle (does it allow us to take this sort of action?)
+[19:45:02] <robbat2> as an example of breakage, the firmware that we decided was not redistributable includes really common stuff like e100
+[19:46:37] <K_F> is it really breakage as long as it is installable?
+[19:46:51] <prometheanfire> network makes it un-fetchable
+[19:47:03] <robbat2> you need to include the firmware on the install media to start up the network :-)
+[19:47:05] <prometheanfire> bootstraping problem
+[19:47:27] <ulm> then sort it out with the copyright holder?
+[19:49:00] <robbat2> wasn't our discussion from 2013 that attempt already, to no avail?
+[19:49:30] <ulm> yes, no progress because linux upstream didn't do their homework
+[19:50:10] <prometheanfire> prod them again?
+[19:50:12] <robbat2> so we're faced with the choice of: break install media || ethically follow law
+[19:50:22] <K_F> prometheanfire: seems like a possible action
+[19:50:37] <K_F> prometheanfire: in particular if there are outstanding output from last discussion
+[19:50:44] <prometheanfire> yep
+[19:50:53] <ulm> robbat2: we should at least add a license notice as suggested in bug 318841
+[19:50:55] <willikins> https://bugs.gentoo.org/318841 "sys-kernel/linux-firmware incomplete LICENSE"; Gentoo Linux, New packages; IN_P; ulm:licenses
+[19:50:59] <prometheanfire> it seems like the original question was never resolved
+[19:51:07] <SwifT> I would rather see the ebuild reflect the actual state, and if necessary override it when building media (if that is the course that would be suggested)
+[19:51:09] <robbat2> yes, definetly add the notice, but no RESTRICT
+[19:51:09] <ulm> even if that wouldn't go along with any RESTRICT
+[19:51:15] <ulm> yep :)
+[19:51:33] <prometheanfire> yep, add notice, no restrict, prod upstream again
+[19:52:06] <robbat2> ulm: where was the gregkh / LF TAB piece, so we can link to it from the text?
+[19:52:15] <SwifT> prometheanfire: wouldn't it make more sense that catalyst overrides it, but let the ebuild reflect it as suggested by the bug?
+[19:52:48] <ulm> robbat2: e-mail to licenses@
+[19:52:57] <ulm> Mon, 25 Mar 2013 06:30:26 -0700
+[19:53:00] <robbat2> i'd have to double-check, but I think catalyst can't override RESTRICT=bindist
+[19:53:12] <robbat2> for a single package
+[19:54:01] <ulm> can we say "Most likely, some of the images are not redistributable"?
+[19:54:12] <ulm> or choose a weaker wording, saying that we don't know or aren't sure?
+[19:54:52] <prometheanfire> It is likely, instead of most likely?
+[19:55:23] <ulm> "Possibly"?
+[19:55:37] <SwifT> I'd rather say that we don't know (something akin to "Although the firmware is distributed through the linux-firmware project, some of the firmware is not accompanied by a proper license attribution, making it difficult for us to know if the files are redistributable or not."
+[19:55:40] <robbat2> "Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images"
+[19:56:14] <ulm> wfm
+[19:56:23] <prometheanfire> k
+[19:56:35] <prometheanfire> so, we good?
+[19:56:36] <antarus> sgtm
+[19:56:39] <robbat2> +1
+[19:56:44] <dabbott> +1
+[19:56:49] <robbat2> thanks for being available on short notice ulm
+[19:57:04] <SwifT> is it on the statement that robbat2 made? (just to be certain)
+[19:57:36] <ulm> so, full text of the notice will be:
+[19:57:37] <ulm> "Linux firmware images are distributed under a variety of licenses, many of them being non-free. Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms."
+[19:58:25] <ulm> and no RESTRICT
+[19:58:30] <prometheanfire> k
+[19:58:33] <robbat2> +1
+[19:58:35] <SwifT> ok
+[19:58:40] <prometheanfire> 2+1
+[19:58:43] <dabbott> ok
+[19:59:12] <prometheanfire> do we have time to talk about bitcoin?
+[20:01:15] LINK: https://bugs.gentoo.org/show_bug.cgi?id=476718 [476718 – Request for bitcoin donation support]
+[20:01:17] <prometheanfire> bug 476718
+[20:01:20] <willikins> prometheanfire: https://bugs.gentoo.org/476718 "Request for bitcoin donation support"; Gentoo Foundation, Proposals; CONF; rich0:trustees
+[20:01:29] <robbat2> as treasurer, I will re-assert what the bug noted before: i'm only comfortable if we accept it in a manner that immediately converts it to another currency
+[20:01:39] <robbat2> and not carry a balance in it
+[20:01:40] <prometheanfire> the idea is to accept bitcoin donations and immediatly cash out
+[20:01:50] <prometheanfire> yep, I think that's for the best
+[20:02:03] <SwifT> yup agree to that... accountancy with multiple currencies is a nightmare
+[20:02:23] <robbat2> it's more that bitcoin has special tax implications since it's not entirely a currency
+[20:02:40] <robbat2> multi-currency accounting itself is not a problem
+[20:02:51] <robbat2> just more painful than single-currency accounting
+[20:03:22] <robbat2> (and for the record, i'm not anti-bitcoin, i personally have a diverse investment portfolio that does include bitcoin)
+[20:03:26] <antarus> the cashing out is more to avoid the volatility
+[20:03:51] <robbat2> i'd say it's to avoid the capital gain/loss side effects of the volatility
+[20:04:00] <SwifT> whatever the reason, I think we all agree to it ;)
+[20:04:11] <prometheanfire> yep
+[20:04:12] <prometheanfire> +1
+[20:04:19] <SwifT> +2
+[20:04:26] <robbat2> signing up for some of the providers needs us to fix the bank accounts first
+[20:04:36] <antarus> don't we need to like, yeah have accounts people can donate to?
+[20:05:11] <prometheanfire> this can depend on the bank then
+[20:06:10] <prometheanfire> next?
+[20:06:43] <K_F> robbat2: might be an idea to look into services that converts bitcoin to currency at time of donation, we do that for some other organisations
+[20:07:01] <robbat2> the github ToS issue on bug 611376 had some followup questions
+[20:07:03] <willikins> robbat2: https://bugs.gentoo.org/611376 "New GitHub Terms of Service"; Gentoo Foundation, Proposals; CONF; ulm:trustees
+[20:07:34] <robbat2> specifically, that we distribute some patches in the tree, and the patches have licenses that are violated by the GitHub TOS
+[20:07:57] <robbat2> i think just moving those patches to distfiles would suffice
+[20:08:28] <robbat2> with the exeption of licenses/GPL-2 itself
+[20:09:28] <prometheanfire> that sounds ok
+[20:09:33] <robbat2> (other than the above, I have no further business)
+[20:09:42] <ulm> it's rather licenses/* (but it doesn't change the argument of course)
+[20:10:48] <robbat2> GPL-2 is a useful example, because the FSF wants it included in every package that's GPL-2, and they themselves said the GH TOS are ok
+[20:13:19] <robbat2> for the moment then, RESO:talk-to-FSF-again
+[20:13:39] <prometheanfire> ya
+[20:13:44] <dabbott> ok
+[20:13:54] <robbat2> ulm: ok if I draft and email and run it by you before sending it to licensing@fsf?
+[20:14:00] <ulm> sure
+[20:15:06] <robbat2> prometheanfire: any other business?
+[20:15:48] <prometheanfire> nope, just picking the next meeting
+[20:16:08] <prometheanfire> may 21?
+[20:16:35] Current subject: Date of Next Meeting - Sun May 21 2017 19:00 UTC, (set by dabbott)
+[20:16:44] <dabbott> fine here
+[20:16:44] <robbat2> still good with me
+[20:17:13] <prometheanfire> antarus: SwifT ?
+[20:17:24] <SwifT> ok
+[20:17:31] <SwifT> had to check my calendar, sorry for the delay
+[20:18:23] <prometheanfire> ok, going for that then
+[20:18:43] <prometheanfire> think that's it, unless someone has something else?
+[20:19:10] <prometheanfire> k, ending
+[20:19:13] Meeting ended by prometheanfire, total meeting length 4661 seconds