path: root/2017/2017-04-23-19:01_trustees-2017-04.log.txt

[19:01:31] Meeting started by prometheanfire
[19:01:47] Meeting chairs are: dabbott, robbat2, swift, antarus, prometheanfire, 
[19:02:01] <prometheanfire> .topic roll call
[19:02:11] Current subject: roll call, (set by prometheanfire)
[19:02:32] <prometheanfire> robbat2: SwifT dabbott antarus ping
[19:02:36] <SwifT> pong
[19:02:39] <antarus> here
[19:02:41] <dabbott> here
[19:02:42] <robbat2> here
[19:03:02] <prometheanfire> cool, all here
[19:03:21] <prometheanfire> dabbott: logging the meeting?
[19:03:28] <dabbott> yes
[19:03:41] <prometheanfire> next activity tracker task is in july
[19:04:08] Current subject: how are we doing on the mailing address change?, (set by prometheanfire)
[19:04:19] LINK: https://bugs.gentoo.org/show_bug.cgi?id=613950 [613950 – Change of Mailing Address: tracker bug]
[19:04:30] <robbat2> about halfway on the list of bugs
[19:04:49] <robbat2> a bunch of them need bank records to show a paper trail
[19:04:56] <prometheanfire> ah
[19:05:09] <robbat2> since we have no other bills that come in
[19:05:44] <prometheanfire> ok, next
[19:05:55] <prometheanfire> no update on irs, waiting on bank
[19:05:59] <dabbott> paypal may be a problem, I'm afraid to do anything there, they have my name and address I think
[19:06:18] <robbat2> we need bank statements for the paypal one anyway
[19:06:18] <prometheanfire> speaking of bank
[19:06:37] Current subject: getting control of the bank, (set by prometheanfire)
[19:06:53] <prometheanfire> dabbott: mind updating the others on your progress?
[19:07:15] <dabbott> When I talked to them on friday they just need to do the change afaik
[19:07:37] <prometheanfire> which is amazing to me :D
[19:07:43] <prometheanfire> so hopefully end of week there
[19:07:44] <dabbott> did not say there was any problem, no one has looked at the documents as yet
[19:08:23] <dabbott> they know who I am summers had added me to the account just not followed through setting it up
[19:09:01] <dabbott> i could have sent them a sig and been approved if he would have done it
[19:09:01] <prometheanfire> cool, next?
[19:09:46] Current subject: insurance updates, (set by prometheanfire)
[19:09:54] LINK: https://bugs.gentoo.org/show_bug.cgi?id=592198 [592198 – D&O insurance]
[19:10:17] <prometheanfire> I've sent out one of the two proposals (the other is in underwriting)
[19:10:53] <prometheanfire> the one we have to review is not for D&O though
[19:11:05] <prometheanfire> the D&O one is in underwriting
[19:11:41] <prometheanfire> anyone review it?
[19:12:31] <dabbott> personaly I could care less, if the rest of the board wants it its fine by me
[19:13:03] <prometheanfire> I'm kinda in the same place on this one, it could be a nice to have, but I'm not sure if we should pursue it
[19:13:18] <antarus> same here
[19:13:28] <robbat2> yeah, i want to wait for the D&O response
[19:13:34] <robbat2> to figure out where it stands on the budget line
[19:13:57] <prometheanfire> k
[19:14:00] <robbat2> most of it is irrelevant to us
[19:14:06] <prometheanfire> tabling it for now then
[19:14:29] <dabbott> sounds good
[19:14:30] <prometheanfire> alicef: pre-ping
[19:14:35] Current subject: Do we need date of birth in developer apps, (set by prometheanfire)
[19:14:55] <prometheanfire> I sent out my proposed email and got slaped down
[19:15:15] <prometheanfire> so, if anyone wants to try again...
[19:16:35] <robbat2> can we side-step it entirely then, and just have some statement:
[19:16:52] <robbat2> by joining, you agree you are able to enter into contractual agreements
[19:17:15] <prometheanfire> that sounds good to me
[19:17:30] <NeddySeagoon> Thats too simple.  Vhat abaut minors?
[19:18:21] <robbat2> can you think of a simple way to include them in the above, without complicating it?
[19:18:51] <NeddySeagoon> No.
[19:20:12] <prometheanfire> ok, next?
[19:20:21] <prometheanfire> or action?
[19:20:43] <robbat2> ok, does leaving out minors really matter for this?
[19:21:11] <robbat2> if they are a minor, and assert yes to the above, are we in the clear ourselves?
[19:21:11] <NeddySeagoon> It would have excluded several devs.
[19:21:20] <dabbott> just keep doing it the way we have been unless someone comes up with a better solution, if its not broke don't fix kind of thing
[19:21:23] <SwifT> it isn't about having a simple statement imo; we need to inform developers (and aspiring developers) why we need some kind of information. As long as that isn't clear, the statements will be under continuous debate
[19:21:36] <robbat2> if we have the statement, we can drop the DOB need
[19:23:04] <robbat2> let's move on for the moment
[19:23:07] <prometheanfire> k
[19:23:08] <robbat2> alicef: reping
[19:23:24] <prometheanfire> in the mean time
[19:23:27] Current subject: open bugs, (set by prometheanfire)
[19:23:35] LINK: https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&bug_status=VERIFIED&email2=trustees&emailassigned_to2=1&emailcc2=1&emailreporter2=1&emailtype2=substring&known_name=TrusteesOpenBugs&list_id=3290194&order=Last%20Changed&query_based_on=TrusteesOpenBugs&query_format=advanced&resolution=--- [Bug List: TrusteesOpenBugs]
[19:24:35] <prometheanfire> there are a couple of updates
[19:24:41] LINK: https://bugs.gentoo.org/show_bug.cgi?id=605336 [Bug Access Denied]
[19:24:49] <robbat2> i see 3 things there to do: dilfridge filed his invoices, so I can reimburse him now
[19:24:52] <prometheanfire> the invoices are submitted
[19:25:26] <prometheanfire> ok, so robbat2 will do that
[19:25:30] <prometheanfire> the other two?
[19:25:32] <robbat2> bug 318841 is a license question, with implications of breaking the install media
[19:25:35] <willikins> robbat2: https://bugs.gentoo.org/318841 "sys-kernel/linux-firmware incomplete LICENSE"; Gentoo Linux, New packages; IN_P; ulm:licenses
[19:26:00] <robbat2> mostly that we are taking a stricter stance than upstream or debian on some firmware
[19:26:41] <robbat2> when we put RESTRICT=bindist, the firmware will no longer be on the install media
[19:27:23] <robbat2> should trustees override licenses team on this, based on what upstream does?
[19:27:24] <prometheanfire> ya, not sure that's workable
[19:28:43] <robbat2> (bug 531540 we can ignore, it only shows updated because of a change in the tracker bug)
[19:28:46] <willikins> robbat2: https://bugs.gentoo.org/531540 "dev-libs/openssl: revise inclusion of elliptic curves with bindist USE flag"; Gentoo Linux, Current packages; CONF; aballier:base-system
[19:29:24] <prometheanfire> ah, k
[19:29:30] <ulm> hi
[19:29:31] <robbat2> i just asked ulm to join re 318841
[19:29:37] <dilfridge> hm?
[19:29:38] <dilfridge> ah
[19:29:53] <robbat2> per 318841, originally you were going to add just a license statement
[19:30:00] <robbat2> but your recent comment said add RESTRICT=bindist too
[19:30:09] <antarus> why doesn't upstream care?
[19:30:13] <robbat2> would that not break any install media using the firmware
[19:30:21] <ulm> RESTRICT=mirror too
[19:30:25] <antarus> aren't they also distributin?
[19:30:35] <robbat2> because catalyst wouldn't have it on the media?
[19:30:45] <robbat2> upstream is distributing the firmware yes
[19:31:25] <ulm> robbat2: some of the firmware blobs seem to come without any license at all
[19:31:27] <antarus> why do we care when they don't?
[19:31:47] <ulm> because without a license we cannot redistribute them
[19:31:55] <antarus> (not saying we are wrong, but more so looking for their rationale)
[19:32:04] <robbat2> why does our redistribution differ from upstream redistribution?
[19:32:07] <antarus> what do they know that we don't :)
[19:32:33] <ulm> then there are others that alledgedly are GPL licensed but their source is not available
[19:32:52] <ulm> which has the same consequence, namely that it's not distributable
[19:33:21] <mrueg> can we get a USE="proper-licensing" that fetches a different tarball which contains validated firmware? 
[19:33:33] <robbat2> ulm: if upstream redistributes it, and we also redistribute it; surely we have a lower risk profile than upstream?
[19:33:58] <ulm> robbat2: upstream owns copyright so they can do what they want
[19:34:14] <robbat2> upstream is the linux-firmware.git repo owner
[19:34:17] <robbat2> not the creator of the firmware
[19:34:27] <robbat2> https://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git
[19:34:52] <antarus> yes, exactly
[19:35:09] <ulm> so if the linux-firmware repo owner violates copyright, it follows that we're allowed to violate it too?
[19:35:16] <antarus> no
[19:35:33] <antarus> I want to understand if its by accident, on purpose, or if they have some other circumstance
[19:35:38] <SwifT> have we reported the licensing problems to the linux-firmware.git project owner? if not, it might be a good idea to do so, perhaps they have more info on these things?
[19:35:48] <ulm> SwifT: yes we have
[19:35:53] <prometheanfire> response?
[19:36:04] <robbat2> SwifT: yes, that's covered in the bug, gregkh took it very far up in the linux foundation, to no real resolution
[19:36:12] <ulm> let me look up the history
[19:36:27] <ulm> wasn't that in the bug?
[19:36:37] <SwifT> if our main concern right now is to not break the installation media, is the only alternative (beyond ignoring the issue) to break up and only pull the correctly licensed firmware ?
[19:36:43] <prometheanfire> I don't see it in the bug
[19:37:10] <ulm> give me a minute
[19:38:00] <ulm> ok, it was reported upstream in Feb. 2013
[19:38:31] <robbat2> in the spirit of pragmatic solutions, keep the ' According to upstream, all of them should be redistributable.' statement, augment it to say that we disagree, but will continue to redistribute it for working install media
[19:38:35] <ulm> and it went up to the Technical Advisory board of the Linux Foundation
[19:38:50] <ulm> who tasked GregKH with it
[19:39:03] <ulm> according to a mail from him in March 2013
[19:39:14] <ulm> then we sent a reminder in May 2013
[19:39:30] <ulm> and since then nothing seems to have happened
[19:39:31] <antarus> I mean I see two arguments here, an ethical argument about following the law
[19:39:38] <antarus> and an argument about legal exposure
[19:40:08] <ulm> robbat2: I don't think we have a statement from upstream that all are distributable
[19:40:59] <antarus> "This repository contains all these firmware images which have been
[19:41:00] <antarus> extracted from older drivers, as well various new firmware images which
[19:41:00] <antarus> we were never permitted to include in a GPL'd work, but which we _have_
[19:41:01] <antarus> been permitted to redistribute under separate cover."
[19:41:15] <ulm> the wording in the last version of that note is "Most likely, some of the images are not redistributable." and I believe that it accurately describes the situation
[19:41:58] <mrueg> https://packages.debian.org/sid/firmware-misc-nonfree is that a stripped down version of the same? 
[19:42:00] <ulm> antarus: who is the "we" in "we have been permitted"?
[19:42:35] <robbat2> ulm: their statement is implicit in that they are redistributing them
[19:43:08] <antarus> I think my point is that from a legal perspective the risk of action seems low
[19:43:11] <antarus> and the benefit high
[19:43:54] <antarus> I'm less convinced on the social contract angle (does it allow us to take this sort of action?)
[19:45:02] <robbat2> as an example of breakage, the firmware that we decided was not redistributable includes really common stuff like e100
[19:46:37] <K_F> is it really breakage as long as it is installable?
[19:46:51] <prometheanfire> network makes it un-fetchable
[19:47:03] <robbat2> you need to include the firmware on the install media to start up the network :-)
[19:47:05] <prometheanfire> bootstraping problem
[19:47:27] <ulm> then sort it out with the copyright holder?
[19:49:00] <robbat2> wasn't our discussion from 2013 that attempt already, to no avail?
[19:49:30] <ulm> yes, no progress because linux upstream didn't do their homework
[19:50:10] <prometheanfire> prod them again?
[19:50:12] <robbat2> so we're faced with the choice of: break install media || ethically follow law
[19:50:22] <K_F> prometheanfire: seems like a possible action 
[19:50:37] <K_F> prometheanfire: in particular if there are outstanding output from last discussion
[19:50:44] <prometheanfire> yep
[19:50:53] <ulm> robbat2: we should at least add a license notice as suggested in bug 318841
[19:50:55] <willikins> https://bugs.gentoo.org/318841 "sys-kernel/linux-firmware incomplete LICENSE"; Gentoo Linux, New packages; IN_P; ulm:licenses
[19:50:59] <prometheanfire> it seems like the original question was never resolved
[19:51:07] <SwifT> I would rather see the ebuild reflect the actual state, and if necessary override it when building media (if that is the course that would be suggested)
[19:51:09] <robbat2> yes, definetly add the notice, but no RESTRICT
[19:51:09] <ulm> even if that wouldn't go along with any RESTRICT
[19:51:15] <ulm> yep :)
[19:51:33] <prometheanfire> yep, add notice, no restrict, prod upstream again
[19:52:06] <robbat2> ulm: where was the gregkh / LF TAB piece, so we can link to it from the text?
[19:52:15] <SwifT> prometheanfire: wouldn't it make more sense that catalyst overrides it, but let the ebuild reflect it as suggested by the bug?
[19:52:48] <ulm> robbat2: e-mail to licenses@
[19:52:57] <ulm> Mon, 25 Mar 2013 06:30:26 -0700
[19:53:00] <robbat2> i'd have to double-check, but I think catalyst can't override RESTRICT=bindist
[19:53:12] <robbat2> for a single package
[19:54:01] <ulm> can we say "Most likely, some of the images are not redistributable"?
[19:54:12] <ulm> or choose a weaker wording, saying that we don't know or aren't sure?
[19:54:52] <prometheanfire> It is likely, instead of most likely?
[19:55:23] <ulm> "Possibly"?
[19:55:37] <SwifT> I'd rather say that we don't know (something akin to "Although the firmware is distributed through the linux-firmware project, some of the firmware is not accompanied by a proper license attribution, making it difficult for us to know if the files are redistributable or not."
[19:55:40] <robbat2> "Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images"
[19:56:14] <ulm> wfm
[19:56:23] <prometheanfire> k
[19:56:35] <prometheanfire> so, we good?
[19:56:36] <antarus> sgtm
[19:56:39] <robbat2> +1
[19:56:44] <dabbott> +1
[19:56:49] <robbat2> thanks for being available on short notice ulm
[19:57:04] <SwifT> is it on the statement that robbat2 made? (just to be certain)
[19:57:36] <ulm> so, full text of the notice will be:
[19:57:37] <ulm> "Linux firmware images are distributed under a variety of licenses, many of them being non-free. Most likely, upstream redistribution of some firmware images may conflict with the licenses or lack thereof on the images. You will need to check the WHENCE and LICEN[CS]E.* files in the package for specific licensing terms."
[19:58:25] <ulm> and no RESTRICT
[19:58:30] <prometheanfire> k
[19:58:33] <robbat2> +1
[19:58:35] <SwifT> ok
[19:58:40] <prometheanfire> 2+1
[19:58:43] <dabbott> ok
[19:59:12] <prometheanfire> do we have time to talk about bitcoin?
[20:01:15] LINK: https://bugs.gentoo.org/show_bug.cgi?id=476718 [476718 – Request for bitcoin donation support]
[20:01:17] <prometheanfire> bug 476718
[20:01:20] <willikins> prometheanfire: https://bugs.gentoo.org/476718 "Request for bitcoin donation support"; Gentoo Foundation, Proposals; CONF; rich0:trustees
[20:01:29] <robbat2> as treasurer, I will re-assert what the bug noted before: i'm only comfortable if we accept it in a manner that immediately converts it to another currency
[20:01:39] <robbat2> and not carry a balance in it
[20:01:40] <prometheanfire> the idea is to accept bitcoin donations and immediatly cash out
[20:01:50] <prometheanfire> yep, I think that's for the best
[20:02:03] <SwifT> yup agree to that... accountancy with multiple currencies is a nightmare
[20:02:23] <robbat2> it's more that bitcoin has special tax implications since it's not entirely a currency
[20:02:40] <robbat2> multi-currency accounting itself is not a problem
[20:02:51] <robbat2> just more painful than single-currency accounting
[20:03:22] <robbat2> (and for the record, i'm not anti-bitcoin, i personally have a diverse investment portfolio that does include bitcoin)
[20:03:26] <antarus> the cashing out is more to avoid the volatility
[20:03:51] <robbat2> i'd say it's to avoid the capital gain/loss side effects of the volatility
[20:04:00] <SwifT> whatever the reason, I think we all agree to it ;)
[20:04:11] <prometheanfire> yep
[20:04:12] <prometheanfire> +1
[20:04:19] <SwifT> +2
[20:04:26] <robbat2> signing up for some of the providers needs us to fix the bank accounts first
[20:04:36] <antarus> don't we need to like, yeah have accounts people can donate to?
[20:05:11] <prometheanfire> this can depend on the bank then
[20:06:10] <prometheanfire> next?
[20:06:43] <K_F> robbat2: might be an idea to look into services that converts bitcoin to currency at time of donation, we do that for some other organisations
[20:07:01] <robbat2> the github ToS issue on bug 611376 had some followup questions
[20:07:03] <willikins> robbat2: https://bugs.gentoo.org/611376 "New GitHub Terms of Service"; Gentoo Foundation, Proposals; CONF; ulm:trustees
[20:07:34] <robbat2> specifically, that we distribute some patches in the tree, and the patches have licenses that are violated by the GitHub TOS
[20:07:57] <robbat2> i think just moving those patches to distfiles would suffice
[20:08:28] <robbat2> with the exeption of licenses/GPL-2 itself
[20:09:28] <prometheanfire> that sounds ok
[20:09:33] <robbat2> (other than the above, I have no further business)
[20:09:42] <ulm> it's rather licenses/* (but it doesn't change the argument of course)
[20:10:48] <robbat2> GPL-2 is a useful example, because the FSF wants it included in every package that's GPL-2, and they themselves said the GH TOS are ok
[20:13:19] <robbat2> for the moment then, RESO:talk-to-FSF-again
[20:13:39] <prometheanfire> ya
[20:13:44] <dabbott> ok
[20:13:54] <robbat2> ulm: ok if I draft and email and run it by you before sending it to licensing@fsf?
[20:14:00] <ulm> sure
[20:15:06] <robbat2> prometheanfire: any other business?
[20:15:48] <prometheanfire> nope, just picking the next meeting
[20:16:08] <prometheanfire> may 21?
[20:16:35] Current subject: Date of Next Meeting - Sun May 21 2017 19:00 UTC, (set by dabbott)
[20:16:44] <dabbott> fine here
[20:16:44] <robbat2> still good with me
[20:17:13] <prometheanfire> antarus: SwifT ?
[20:17:24] <SwifT> ok
[20:17:31] <SwifT> had to check my calendar, sorry for the delay
[20:18:23] <prometheanfire> ok, going for that then
[20:18:43] <prometheanfire> think that's it, unless someone has something else?
[20:19:10] <prometheanfire> k, ending
[20:19:13] Meeting ended by prometheanfire, total meeting length 4661 seconds